GRANT ROLE

Assigns the privileges of one role to another role. The role granted will have the same permissions to database resources. Privileges are applied immediately, even to active client sessions.

See GRANT PERMISSION to grant permission to resources to a role.

Syntax

GRANT <role_name> TO <role_name> ;
Syntax legend
Legend
Syntax conventions Description

UPPERCASE

Literal keyword.

Lowercase

Not literal.

< >

Variable value. Replace with a user-defined value.

[]

Optional. Square brackets ([]) surround optional command arguments. Do not type the square brackets.

( )

Group. Parentheses ( ( ) ) identify a group to choose from. Do not type the parentheses.

|

Or. A vertical bar (|) separates alternative elements. Type any one of the elements. Do not type the vertical bar.

...

Repeatable. An ellipsis ( ... ) indicates that you can repeat the syntax element as often as required.

'<Literal string>'

Single quotation (') marks must surround literal strings in CQL statements. Use single quotation marks to preserve upper case.

{ <key> : <value> }

Map collection. Braces ({ }) enclose map collections or key value pairs. A colon separates the key and the value.

<datatype2

Set, list, map, or tuple. Angle brackets ( < > ) enclose data types in a set, list, map, or tuple. Separate the data types with a comma.

<cql_statement>;

End CQL statement. A semicolon (;) terminates all CQL statements.

[--]

Separate the command line options from the command arguments with two hyphens ( -- ). This syntax is useful when arguments might be mistaken for command line options.

' <<schema\> ... </schema\>> '

Search CQL only: Single quotation marks (') surround an entire XML schema declaration.

@<xml_entity>='<xml_entity_type>'

Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files.

Parameters

Parameter Description Default

role_name

Identifier of the role. CQL forces all names to lowercase. If you need to preserve case or use special characters in the role name, enclose <role_name> in quotes.

To automatically map external users to roles with DSE Unified Authenticator, the role name must exactly match the LDAP group name, including case.

Examples

Manage permissions using GRANT and REVOKE.

A role can only modify permissions of another role and can only modify (GRANT or REVOKE) role permissions that it also has.

  1. Assign a role cycling_admin full access to the cycling keyspace:

    GRANT ALL PERMISSIONS ON KEYSPACE cycling TO cycling_admin;
  2. Now assign that role to coach.

    GRANT cycling_admin TO coach;

    The assignment gives the coach role the same permissions as the cycling_admin role. All roles that require that level of access can be assigned the cycling_admin role.

  3. View the coach’s permissions, to see that coach now has the cycling_admin permissions.

    LIST ALL PERMISSIONS OF coach;
 role          | username      | resource           | permission | granted | restricted | grantable
---------------+---------------+--------------------+------------+---------+------------+-----------
 cycling_admin | cycling_admin | <keyspace cycling> |     CREATE |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |      ALTER |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |       DROP |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |     SELECT |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |  AUTHORIZE |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |   DESCRIBE |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |     UPDATE |    True |      False |     False
 cycling_admin | cycling_admin | <keyspace cycling> |   TRUNCATE |    True |      False |     False

(8 rows)

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com