Configuring internal authorization

Steps for adding the CassandraAuthorizer.

CassandraAuthorizer is one of many possible IAuthorizer implementations. Its advantage is that it stores permissions in the system_auth.permissions table to support all authorization-related CQL statements. To activate it, change the authorizer option in cassandra.yaml to use the CassandraAuthorizer.

Note: To configure authentication, see Internal authorization.
The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/cassandra/cassandra.yaml
Tarball installations install_location/resources/cassandra/conf/cassandra.yaml


  1. In the cassandra.yaml file, comment out the default AllowAllAuthorizer and add the CassandraAuthorizer.
    authorizer: CassandraAuthorizer
    You can use any authenticator except AllowAll.
  2. Configure the replication factor for the system_auth keyspace to increase the replication factor to a number greater than 1.
  3. Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml file.
    Alternatively, disable permission caching by setting this option to 0.


CQL supports these authorization statements: