Configuring internal authorization
Steps for adding the CassandraAuthorizer.
CassandraAuthorizer is one of many possible IAuthorizer implementations, and the one that stores permissions in the system_auth.permissions table to support all authorization-related CQL statements. Configuration consists mainly of changing the authorizer option in the cassandra.yaml to use the CassandraAuthorizer.
Note: To configure authentication, see Configuring authentication.
The location of the cassandra.yaml file depends on the type of
installation:
Package installations | /etc/cassandra/cassandra.yaml |
Tarball installations | install_location/resources/cassandra/conf/cassandra.yaml |
Procedure
-
In the cassandra.yaml file, comment out the default
AllowAllAuthorizer and add the CassandraAuthorizer.
authorizer: CassandraAuthorizer
You can use any authenticator except AllowAll. - Configure the replication factor for the system_auth keyspace to increase the replication factor to a number greater than 1.
-
Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the
cassandra.yaml file.
Alternatively, disable permission caching by setting this option to 0.