GRANT
Provide access to database objects.
Synopsis
GRANT permission_name PERMISSION
| GRANT ALL PERMISSIONS ON resource TO user_name
permission_name is one of these:
- ALL
- ALTER
- AUTHORIZE
- CREATE
- DROP
- MODIFY
- SELECT
resource is one of these:
- ALL KEYSPACES
- KEYSPACE keyspace_name
- TABLE keyspace_name.table_name
A semicolon that terminates CQL statements is not included in the synopsis.
Description
Permissions to access all keyspaces, a named keyspace, or a table can be granted to a user. Enclose the user name in single quotation marks if it contains non-alphanumeric characters.
This table lists the permissions needed to use CQL statements:
Permission | CQL Statement |
---|---|
ALL | All statements |
ALTER | ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX |
AUTHORIZE | GRANT, REVOKE |
CREATE | CREATE KEYSPACE, CREATE TABLE |
DROP | DROP KEYSPACE, DROP TABLE |
MODIFY | INSERT, DELETE, UPDATE, TRUNCATE |
SELECT | SELECT |
To perform SELECT queries on a table, you need SELECT permission on the table, on its parent keyspace, or on ALL KEYSPACES. To run CREATE TABLE, you need CREATE permission on the parent keyspace or on ALL KEYSPACES. To GRANT or REVOKE a permission to or from a user, you must be a superuser or hold AUTHORIZE permission on the resource (or on one of its parents in the hierarchy) plus the permission in question. GRANT, REVOKE and LIST PERMISSIONS check that the table and keyspace exist before executing. GRANT and REVOKE also check that the user exists.
Examples
Give spillman permission to perform SELECT queries on all tables in all keyspaces:
GRANT SELECT ON ALL KEYSPACES TO spillman;
Give akers permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the field keyspace:
GRANT MODIFY ON KEYSPACE field TO akers;
Give boone permission to perform ALTER KEYSPACE queries on the forty9ers keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in the forty9ers keyspace:
GRANT ALTER ON KEYSPACE forty9ers TO boone;
Give boone permission to run all types of queries on the ravens.plays table:
GRANT ALL PERMISSIONS ON ravens.plays TO boone;
Grant access to a keyspace to just one user, assuming nobody else has ALL KEYSPACES access:
GRANT ALL ON KEYSPACE keyspace_name TO user_name;
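The resource hierarchy and the GRANT/REVOKE rule from the Description, modeled in Python over the grants in the Examples above, as a way to audit which statements a set of grants actually allows. This is an added example, not Cassandra code; the function names and the tuple encoding of resources are assumptions made for the model.

```python
# Added model of the rules on this page; not Cassandra's implementation.
# Resource tuples: () = ALL KEYSPACES, (ks,) = keyspace, (ks, table) = table.
REQUIRED = {  # statement -> permission, from the table on this page
    "ALTER KEYSPACE": "ALTER", "ALTER TABLE": "ALTER",
    "CREATE INDEX": "ALTER", "DROP INDEX": "ALTER",
    "CREATE KEYSPACE": "CREATE", "CREATE TABLE": "CREATE",
    "DROP KEYSPACE": "DROP", "DROP TABLE": "DROP",
    "INSERT": "MODIFY", "DELETE": "MODIFY", "UPDATE": "MODIFY", "TRUNCATE": "MODIFY",
    "SELECT": "SELECT",
}
PERMISSIONS = {"ALTER", "AUTHORIZE", "CREATE", "DROP", "MODIFY", "SELECT"}


def chain(resource):
    """The resource followed by its parents: table -> keyspace -> ALL KEYSPACES."""
    return [resource[:n] for n in range(len(resource), -1, -1)]


def has_permission(grants, user, permission, resource):
    """True if `user` holds `permission` (or ALL) on `resource` or any parent.
    `grants` is a set of (user, permission, resource) tuples."""
    return any((user, p, r) in grants
               for r in chain(resource) for p in (permission, "ALL"))


def can_execute(grants, user, statement, resource):
    """Check a statement against the table of required permissions."""
    if statement == "CREATE TABLE":
        resource = resource[:1]  # checked on the parent keyspace, not the table
    return has_permission(grants, user, REQUIRED[statement], resource)


def can_grant(grants, superusers, user, permission, resource):
    """GRANT/REVOKE: superuser, or AUTHORIZE plus the permission in question."""
    if user in superusers:
        return True
    needed = PERMISSIONS if permission == "ALL" else {permission}
    return (has_permission(grants, user, "AUTHORIZE", resource)
            and all(has_permission(grants, user, p, resource) for p in needed))


# The grants from the Examples section, as (user, permission, resource) tuples.
GRANTS = {
    ("spillman", "SELECT", ()),
    ("akers", "MODIFY", ("field",)),
    ("boone", "ALTER", ("forty9ers",)),
    ("boone", "ALL", ("ravens", "plays")),
}
```

In this model ALL includes AUTHORIZE, as the permission list on this page implies, so `can_grant(GRANTS, set(), "boone", "SELECT", ("ravens", "plays"))` is true: a user given ALL on a resource can pass permissions on that resource to others.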