Configuring internal authorization

Steps for adding the CassandraAuthorizer.

CassandraAuthorizer is one of many possible IAuthorizer implementations, and the one that stores permissions in the system_auth.permissions table to support all authorization-related CQL 3 statements. Configuration consists mainly of changing the authorizer option in the cassandra.yaml to use the CassandraAuthorizer.

Note: To configure authentication, see Configuring authentication.


  1. In the cassandra.yaml file, comment out the default AllowAllAuthorizer and add the CassandraAuthorizer.
    #authorizer: org.apache.cassandra.auth.AllowAllAuthorizer
    authorizer: org.apache.cassandra.auth.CassandraAuthorizer
    You can use any authenticator except AllowAll.
  2. Configure the replication factor for the system_auth keyspace.
  3. Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml.
    Alternatively, disable permission caching by setting this option to 0.


CQL 3 will now support these authorization statements: