Cycling internal

Internal authentication with internally managed access control.

// cqlsh SOURCE command: runs the statements in the named file. Judging by the file
// name, it creates the cycling.fLog function that the EXECUTE grants below refer to.
SOURCE 'user-defined-function-create-flog.cql';

// Assumes both authentication and authorization are enabled on the cluster;
// the role and permission statements below are examples for that configuration.

// Internal roles used as user accounts.
// DROP ... IF EXISTS followed by CREATE ... IF NOT EXISTS makes the script re-runnable:
// each role is rebuilt from scratch, which also discards any grants it held before.
DROP ROLE IF EXISTS sys_admin;
DROP ROLE IF EXISTS team_manager;
DROP ROLE IF EXISTS sandy;
DROP ROLE IF EXISTS role_admin;
// No PASSWORD or LOGIN is set on sys_admin, so it is presumably meant to be granted
// to other roles rather than used to log in. Any role that receives it should be
// treated as a full administrator.
CREATE ROLE IF NOT EXISTS sys_admin WITH SUPERUSER = true; // gives role access to everything
// PASSWORD is set but LOGIN is not.
// NOTE(review): LOGIN defaults to false, so team_manager cannot authenticate as
// written - confirm whether it is intended as a group role only.
CREATE ROLE IF NOT EXISTS team_manager WITH PASSWORD = 'RockIt4Us!';
// sandy and role_admin are the two login-enabled accounts. The password literals in
// this file are documentation samples; a real deployment sets a unique secret per
// role and keeps it out of scripts that are stored or shared.
CREATE ROLE IF NOT EXISTS sandy WITH PASSWORD = 'password' AND LOGIN = true;
CREATE ROLE IF NOT EXISTS role_admin WITH PASSWORD = 'changeme' AND LOGIN = true;

// Data resource examples.
// MODIFY on a keyspace covers the write statements (INSERT, UPDATE, DELETE, TRUNCATE)
// on every table in that keyspace.
GRANT MODIFY ON KEYSPACE cycling TO team_manager;
// AUTHORIZE allows the grantee to GRANT and REVOKE permissions on the resource;
// on ALL KEYSPACES that means sys_admin can hand out access to any keyspace.
GRANT AUTHORIZE ON ALL KEYSPACES TO sys_admin;

// Granting a role to another role: the grantee inherits the granted role's permissions.
// The two grants below chain sandy -> team_manager -> sys_admin. sys_admin is created
// with SUPERUSER = true earlier in this script and superuser status is inherited through
// granted roles, so sandy (a login-enabled account) holds superuser-level access for as
// long as both grants are in place.
GRANT sys_admin TO team_manager;
GRANT team_manager TO sandy;
// Cluster-wide read access.
// NOTE(review): ALL KEYSPACES presumably includes system keyspaces, such as the one
// that stores role credentials - confirm, and prefer keyspace- or table-scoped
// SELECT where that is sufficient.
GRANT SELECT ON ALL KEYSPACES TO team_manager;
// EXECUTE scoped to a single function signature.
GRANT EXECUTE ON FUNCTION cycling.fLog(double) TO team_manager;

// Removing access: the first two statements undo the SELECT and EXECUTE grants to
// team_manager made earlier in this script.
REVOKE SELECT ON ALL KEYSPACES FROM team_manager;
REVOKE EXECUTE ON FUNCTION cycling.fLog(double) FROM team_manager;
// Revoking role membership breaks the sandy -> team_manager -> sys_admin chain, so the
// permissions inherited through it no longer apply.
REVOKE sys_admin FROM team_manager;
REVOKE team_manager FROM sandy;
// Not revoked anywhere in this script: MODIFY ON KEYSPACE cycling (team_manager) and
// AUTHORIZE ON ALL KEYSPACES (sys_admin). Those grants remain in effect.

// Role management examples.
// DESCRIBE on roles permits listing them; ALTER permits changing their properties,
// which includes passwords. Granted on ALL ROLES, this is control over every account.
GRANT DESCRIBE, ALTER ON ALL ROLES TO sys_admin;

// Review commands for checking what the statements above produced.
// All roles known to the cluster:
LIST ROLES;
// Roles granted to sandy:
LIST ROLES OF sandy;
// Every permission sandy holds, on any resource:
LIST ALL PERMISSIONS OF sandy;
// team_manager's permissions that apply to a single table:
LIST ALL PERMISSIONS ON cycling.cyclist_name OF team_manager;

// tag::CHANGE_PW[]
// Sets a new cleartext password. The literal is part of the statement text, so it can
// end up wherever the statement is recorded (cqlsh history, saved scripts).
ALTER ROLE sandy WITH PASSWORD = 'bestTeam';
// end::CHANGE_PW[]

// tag::CHANGE_HASHED_PW[]
// The value has the shape of a bcrypt hash ($2a$ prefix, cost factor 10).
// NOTE(review): Apache Cassandra has a separate HASHED PASSWORD option for pre-hashed
// values; with plain PASSWORD the string may be taken as the cleartext password and
// hashed again - confirm the behaviour on the target product and version.
ALTER ROLE sandy WITH PASSWORD = '$2a$10$Mvs4GDHlNG8MhYe5SFi7ge1R1SMbScIPVtKReSEKpqwcQOvep0Zqq';
// end::CHANGE_HASHED_PW[]

// tag::ROLE_SU[]
// Promotes a login-enabled account to superuser; superusers are not subject to
// permission checks. Nothing later in this script reverts the change, so sandy stays
// a superuser after the script finishes.
ALTER ROLE sandy WITH SUPERUSER=true;
// end::ROLE_SU[]
