Changing the default superuser

You can change the default superuser from the default cassandra user.

By default, each installation of Cassandra includes a superuser account named cassandra whose password is also cassandra. A superuser grants initial permissions to access Cassandra data, and subsequently a user may or may not be given the permission to grant/revoke permissions.

Procedure

  1. Configure internal authentication if you have not already done so.
  2. Create another superuser, not named cassandra, using the CREATE USER command.
  3. Log in as that new superuser.
  4. Change the cassandra user password to something long and incomprehensible, and then forget about it. It won't be used again.
  5. Take away the cassandra user's superuser status.
  6. Now, that the superuser password is secure, set up user accounts and authorize users to access the database objects by using CQL to grant them permissions on those objects.

    CQL 3 supports the following authentication statements: