GRANT

Provide access to database objects.

Provide access to database objects.

Synopsis 

GRANT permission_name PERMISSION
| ( GRANT ALL PERMISSIONS ) ON resource TO user_name

permission_name is one of these:

  • ALL
  • ALTER
  • AUTHORIZE
  • CREATE
  • DROP
  • MODIFY
  • SELECT

resource is one of these:

  • ALL KEYSPACES
  • KEYSPACE keyspace_name
  • TABLE keyspace_name.table_name
Legend
  • Uppercase means literal
  • Lowercase means not literal
  • Italics mean optional
  • The pipe (|) symbol means OR or AND/OR
  • Ellipsis (...) means repeatable

A semicolon that terminates CQL statements is not included in the synopsis.

Description 

Permissions to access all keyspaces, a named keyspace, or a table can be granted to a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.

Table 2 lists the permissions needed to use CQL statements:

CQL Permissions
Permission CQL Statement
ALTER ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE GRANT, REVOKE
CREATE CREATE KEYSPACE, CREATE TABLE
DROP DROP KEYSPACE, DROP TABLE
MODIFY INSERT, DELETE, UPDATE, TRUNCATE
SELECT SELECT

To be able to perform SELECT queries on a table, you have to have SELECT permission on the table, on its parent keyspace, or on ALL KEYSPACES. To be able to CREATE TABLE you need CREATE permission on its parent keyspace or ALL KEYSPACES. You need to be a superuser or to have AUTHORIZE permission on a resource (or one of its parents in the hierarchy) plus the permission in question to be able to GRANT or REVOKE that permission to or from a user. GRANT, REVOKE and LIST permissions check for the existence of the table and keyspace before execution. GRANT and REVOKE check that the user exists.

Examples 

Give spillman permission to perform SELECT queries on all tables in all keyspaces:

GRANT SELECT ON ALL KEYSPACES TO spillman;

Give akers permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the field keyspace.

GRANT MODIFY ON KEYSPACE field TO akers;

Give boone permission to perform ALTER KEYSPACE queries on the forty9ers keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in forty9ers keyspace:

GRANT ALTER ON KEYSPACE forty9ers TO boone;

Give boone permission to run all types of queries on ravens.plays table.

GRANT ALL PERMISSIONS ON ravens.plays TO boone;

To grant access to a keyspace to just one user, assuming nobody else has ALL KEYSPACES access, you use this statement.

GRANT ALL ON KEYSPACE keyspace_name TO user_name