Configuring internal authorization

Steps for adding the CassandraAuthorizer.

CassandraAuthorizer is one of many possible IAuthorizer implementations, and the one that stores permissions in the system_auth.permissions table to support all authorization-related CQL statements. Configuration consists mainly of changing the authorizer option in the cassandra.yaml to use the CassandraAuthorizer.

Note: To configure authentication, see Configuring authentication.
The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/cassandra/cassandra.yaml
Tarball installations install_location/resources/cassandra/conf/cassandra.yaml


  1. In the cassandra.yaml file, comment out the default AllowAllAuthorizer and add the CassandraAuthorizer.
    authorizer: CassandraAuthorizer
    You can use any authenticator except AllowAll.
  2. Configure the replication factor for the system_auth keyspace to increase the replication factor to a number greater than 1.
  3. Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml file.
    Alternatively, disable permission caching by setting this option to 0.


CQL supports these authorization statements: