GRANT
Assigns privileges to roles on database resources, such as keyspaces, tables, and functions.
Permissions apply immediately, even to active client sessions. |
Restriction: Enable authentication and authorization to control access to database resources. See Enabling DSE Unified Authentication.
Synopsis
GRANT <permission> ON <object> TO <role_name> ;
Syntax legend
Syntax conventions | Description |
---|---|
UPPERCASE |
Literal keyword. |
Lowercase |
Not literal. |
|
Variable value. Replace with a user-defined value. |
|
Optional.
Square brackets ( |
|
Group.
Parentheses ( |
|
Or.
A vertical bar ( |
|
Repeatable.
An ellipsis ( |
|
Single quotation ( |
|
Map collection.
Braces ( |
Set, list, map, or tuple.
Angle brackets ( |
|
|
End CQL statement.
A semicolon ( |
|
Separate the command line options from the command arguments with two hyphens ( |
|
Search CQL only: Single quotation marks ( |
|
Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files. |
- privilege
-
For DSE 5.1 only. Permissions granted on a resource to a role; grant a privilege at any level of the resource hierarchy. The full set of available privileges is:
-
ALL PERMISSIONS
-
ALTER
-
AUTHORIZE
-
CREATE
-
DESCRIBE
-
DROP
-
EXECUTE
-
MODIFY
-
PROXY.EXECUTE
-
PROXY.LOGIN
-
SEARCH.ALTER
-
SEARCH.COMMIT
-
SEARCH.CREATE
-
SEARCH.DROP
-
SEARCH.REBUILD
-
SEARCH.RELOAD
-
SELECT
-
- <permission>
-
Type of access a role has on a database resource. Use
ALL PERMISSIONS
or a comma separated list of permissions.Permissions are resource-specific as follows:
-
Data -
ALL PERMISSIONS
orALTER
,AUTHORIZE [FOR <permission_list>]
,CREATE
,DESCRIBE
,DROP
,MODIFY
(deprecated),SELECT
,TRUNCATE
, orUPDATE
(allowsINSERT
,UPDATE
, orDELETE
) -
JMX (MBeans) -
ALL PERMISSIONS
orAUTHORIZE [FOR <permission_list>]
,DESCRIBE
,EXECUTE
,MODIFY
, andSELECT
-
Remote procedure calls (RPC) -
ALL PERMISSIONS
orAUTHORIZE [FOR <permission_list>]
,EXECUTE
,MODIFY
, andSELECT
-
Authentication schemes -
ALL PERMISSIONS
orAUTHORIZE [FOR <permission_list>]
andEXECUTE
-
To manage access control the role must have authorize permission on the resource for the type of permission.
When |
|
- <resource_name>
-
Apache Cassandra® database objects on which permissions are applied. Database resources have modelled hierarchy, the permission on a top level object gives the role the same permission on the objects ancestors. Identify the resource using the following keywords:
-
Data -
ALL KEYSPACES
>KEYSPACE
<keyspace_name> >ALL TABLES IN KEYSPACE
<keyspace_name> >TABLE <table_name>
>'<filtering_data>' ROWS IN <table_name>
-
JMX MBeans -
ALL MBEANS > MBEAN <mbean_name>
andMBEANS <pattern>
-
Remote procedure calls (RPC) -
ALL REMOTE CALLS
>REMOTE METHOD <name>
|REMOTE OBJECT <name>
-