LIST PERMISSIONS 

Lists role permissions on resources.

Lists all permissions on all resources, role permissions on all resources, or for a specified resource.
Restriction:
  • Only superusers can list all permissions.
  • Requires DESCRIBE permission on the target resources and roles.

Synopsis 

LIST privilege
[ON resource_name]
[OF role_name] 
[NORECURSIVE]
Legend
Syntax conventions Description
UPPERCASE Literal keyword.
Lowercase Not literal.
Italics Variable value. Replace with a user-defined value.
[] Optional. Square brackets ( [] ) surround optional command arguments. Do not type the square brackets.
( ) Group. Parentheses ( ( ) ) identify a group to choose from. Do not type the parentheses.
| Or. A vertical bar ( | ) separates alternative elements. Type any one of the elements. Do not type the vertical bar.
... Repeatable. An ellipsis ( ... ) indicates that you can repeat the syntax element as often as required.
'Literal string' Single quotation ( ' ) marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case.
{ key : value } Map collection. Braces ( { } ) enclose map collections or key value pairs. A colon separates the key and the value.
<datatype1,datatype2> Set, list, map, or tuple. Angle brackets ( < > ) enclose data types in a set, list, map, or tuple. Separate the data types with a comma.
cql_statement; End CQL statement. A semicolon ( ; ) terminates all CQL statements.
[--] Separate the command line options from the command arguments with two hyphens ( -- ). This syntax is useful when arguments might be mistaken for command line options.
' <schema> ... </schema> ' Search CQL only: Single quotation marks ( ' ) surround an entire XML schema declaration.
@xml_entity='xml_entity_type' Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files.
Tip: Omit ON resource_name to display all related resources or OF role_name to display all related roles.
privilege

Permissions granted on a resource to a role; grant a privilege at any level of the resource hierarchy. The full set of available privileges is:

  • ALL PERMISSIONS
  • ALTER
  • AUTHORIZE
  • CREATE
  • DESCRIBE
  • DROP
  • EXECUTE
  • MODIFY
  • PROXY.EXECUTE
  • PROXY.LOGIN
  • SEARCH.ALTER
  • SEARCH.COMMIT
  • SEARCH.CREATE
  • SEARCH.DROP
  • SEARCH.REBUILD
  • SEARCH.RELOAD
  • SELECT
resource_name

DataStax Enterprise database objects to which permissions are applied. Database resources have modelled hierarchy. Grant permissions on a resource higher in the chain to automatically grant that same permission on all resources lower down.

Note: Not all privileges apply to every type of resource. For instance, EXECUTE is only relevant in the context of functions, MBeans, RPC, and authentication schemes. Attempting to grant privileges on a resource that the permission is not applicable results in an error.

Available objects:

role_name
Selects a role. If the role name has capital letters or special characters enclose it in single quotes.
NORECURSIVE

Only display permissions granted to the role. By default permissions checks are recursive; it shows direct and inherited permissions.

Example 

List all permissions given to coach:

LIST ALL 
OF coach;

Output is:

 rolename | resource           | permission
----------+--------------------+------------
    coach | <keyspace field>   |     MODIFY

List permissions given to all the roles:

LIST ALL;

Output is:

 rolename | resource             | permission
----------+----------------------+------------
    coach |     <keyspace field> |     MODIFY
    manager | <keyspace cyclist> |      ALTER
    manager | <table cyclist.name> |     CREATE
    manager | <table cyclist.name> |      ALTER
    manager | <table cyclist.name> |       DROP
    manager | <table cyclist.name> |     SELECT
    manager | <table cyclist.name> |     MODIFY
    manager | <table cyclist.name> |  AUTHORIZE
    coach |      <all keyspaces> |     SELECT
      

List all permissions on the cyclist.name table:

LIST ALL 
ON cyclist.name;

Output is:

 username | resource             | permission
----------+----------------------+------------
    manager | <table cyclist.name> |     CREATE
    manager | <table cyclist.name> |      ALTER
    manager | <table cyclist.name> |       DROP
    manager | <table cyclist.name> |     SELECT
    manager | <table cyclist.name> |     MODIFY
    manager | <table cyclist.name> |  AUTHORIZE
    coach |      <all keyspaces> |     SELECT

List all permissions on the cyclist.name table and its parents:

LIST ALL 
ON cyclist.name 
NORECURSIVE;

Output is:

 username | resource             | permission
----------+----------------------+------------
    manager | <table cyclist.name> |     CREATE
    manager | <table cyclist.name> |      ALTER
    manager | <table cyclist.name> |       DROP
    manager | <table cyclist.name> |     SELECT
    manager | <table cyclist.name> |     MODIFY
    manager | <table cyclist.name> |  AUTHORIZE