Configuring internal authorization
Steps for adding the CassandraAuthorizer.
CassandraAuthorizer is one of many possible IAuthorizer implementations. Its
advantage is that it stores permissions in the
system_auth.permissions
table to support all
authorization-related CQL statements.
Note: To configure authentication, see Internal authentication.
cassandra.yaml
- The cassandra.yaml file is located in the installation_location/conf directory.
Procedure
-
In the cassandra.yaml file, change
the authorizer setting to
CassandraAuthorizer
.authorizer: CassandraAuthorizer
You can use any authenticator except AllowAll. -
Increase the replication
factor for the
system_auth
keyspace if not already configured. -
Fetching role permissions can be a costly operation. Role permissions can be
cached to decrease the burden. Adjust the validity period for permission caching
by setting the /en/ddac/doc/datastax_enterprise/config/configCassandra_yaml.html#configCassandra_yaml__permissions_validity_in_ms
option in the cassandra.yaml file. The default
value is 2000 milliseconds. The caching can be disabled by setting the option to
0. This setting is disabled automatically if the authorizer is set to
AllowAllAuthorizer
permissions_validity_in_ms: 2000
-
A refresh interval for role caches can also be configured by setting the /en/ddac/doc/datastax_enterprise/config/configCassandra_yaml.html#configCassandra_yaml__permissions_update_interval_in_ms option in
the cassandra.yaml file. The default
value is the same value as the
permissions_validity_in_ms
setting. Ifpermissions_validity_in_ms
is non-zero, this setting must be set.permissions_update_interval_in_ms: 2000