Steps for adding the CassandraAuthorizer.
CassandraAuthorizer is one of many possible IAuthorizer implementations, and the one
that stores permissions in the system_auth.permissions table to support all
authorization-related CQL 3 statements. Configuration consists mainly of changing
the authorizer option in the cassandra.yaml to use the CassandraAuthorizer.
Procedure
-
In the cassandra.yaml file, comment out the default
AllowAllAuthorizer and add the CassandraAuthorizer.
#authorizer: org.apache.cassandra.auth.AllowAllAuthorizer
authorizer: org.apache.cassandra.auth.CassandraAuthorizer
You can use any authenticator except AllowAll.
-
Configure the replication factor for the system_auth
keyspace.
-
Adjust the validity period for permissions caching by setting the permissions_validity_in_ms option in the cassandra.yaml.
Alternatively, disable permission caching by setting this option to 0.
Results
CQL 3 will now support these authorization statements: