Creating additional users to access DataStax Apollo databases

Administrator users can create additional users and give them privileges to access DataStax Apollo databases.

When creating a database, a database user is created with the appropriate permissions to take any action within the created keyspace. This user is not a database superuser. However, the database user is granted the following permissions in the keyspace created on the database:
  • Create, select, modify, drop, and describe database objects
  • Grant the same or lesser permissions to additional database users
  • Create and drop additional database users using the Cassandra Query Language (CQL)
Note: You must be the owner of the database to create additional users within the selected keyspace.
The following GRANT statements provide these permissions:
GRANT AUTHORIZE FOR CREATE, SELECT, MODIFY, DROP, DESCRIBE ON KEYSPACE keyspace_name TO database_user;
GRANT DESCRIBE, CREATE, SELECT, MODIFY, DROP ON KEYSPACE keyspace_name TO database_user;
GRANT CREATE, DROP ON ALL ROLES TO database_user;

Prerequisites

Create a database using the DataStax Constellation console.

Procedure

  1. Open a browser, navigate to the DataStax Constellation console, and log in.
  2. From the Databases page, click View Existing Databases.
  3. From the Databases page, under Actions, click the ellipsis () for the database you want to connect to and select Developer Studio.
    A DataStax Developer Studio instance that is connected to your Cassandra database opens.
  4. In Developer Studio, create a new notebook.
    1. In the notebook, select your keyspace from the dropdown menu.
    2. Run the following CQL command to create a new database user with the specified password.

      When the user logs in to the CQL shell (cqlsh), they must enter their password. If they do not specify a password, they are prompted to enter one.

      Tip: When working in a notebook, hold Shift and press Return to run a command without having to click the Run button.
      CREATE ROLE username WITH PASSWORD = 'password' AND LOGIN = true;
    3. Grant sufficient privileges for the user based on their needs.

      The following example grants the specified username privileges to create, select, and modify data on all tables in the specified keyspace_name. Additionally, the command grants the specified user all permissions to search indexes in the keyspace.

      GRANT CREATE, SELECT, MODIFY ON KEYSPACE keyspace_name TO username;

Results

Users can access the database using the CQL shell (cqlsh).