Configuring authorization and object permissions
Steps to configure and use the DSE Authorizer to manage object permissions against authentication schemes.
Note: Authentication is independent of authorization and object permissions.
The location of the dse.yaml file depends on the type of installation:

| Installation type | Location |
|---|---|
| Installer-Services | /etc/dse/dse.yaml |
| Package installations | /etc/dse/dse.yaml |
| Installer-No Services | install_location/resources/dse/conf/dse.yaml |
| Tarball installations | install_location/resources/dse/conf/dse.yaml |
The location of the cassandra.yaml file depends on the type of installation:

| Installation type | Location |
|---|---|
| Installer-Services | /etc/dse/cassandra/cassandra.yaml |
| Package installations | /etc/dse/cassandra/cassandra.yaml |
| Installer-No Services | install_location/resources/cassandra/conf/cassandra.yaml |
| Tarball installations | install_location/resources/cassandra/conf/cassandra.yaml |
Use the familiar relational database GRANT/REVOKE paradigm to grant or revoke permissions to access Cassandra data. A superuser grants the initial permissions; after that, a role may or may not be given the permission to grant or revoke permissions itself.
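The GRANT/REVOKE flow described above, as an added example that is not part of the original page: a superuser creates two roles, grants least-privilege access, delegates the right to grant and revoke with the AUTHORIZE permission, reviews the result, and withdraws it. The keyspace `sales`, the table `sales.orders`, the role names and the placeholder passwords are hypothetical, and the example assumes a cluster where CQL roles (`CREATE ROLE`) are in use.

```cql
-- Constructed example: keyspace, table and role names are hypothetical.
-- Run as a superuser, which is the role that grants the initial permissions.

-- One read-only application role and one delegated administrator.
CREATE ROLE IF NOT EXISTS sales_reader WITH LOGIN = true AND PASSWORD = 'REPLACE_ME';
CREATE ROLE IF NOT EXISTS sales_admin  WITH LOGIN = true AND PASSWORD = 'REPLACE_ME';

-- Least privilege: sales_reader may read the keyspace and nothing else;
-- sales_admin may write to a single table.
GRANT SELECT ON KEYSPACE sales TO sales_reader;
GRANT MODIFY ON TABLE sales.orders TO sales_admin;

-- Delegation: AUTHORIZE is the permission that lets a role run GRANT and
-- REVOKE on the named resource. sales_reader is deliberately not given it.
GRANT AUTHORIZE ON KEYSPACE sales TO sales_admin;

-- Review what was actually granted, per role and per resource.
LIST ALL PERMISSIONS OF sales_reader;
LIST ALL PERMISSIONS ON KEYSPACE sales;

-- Withdraw the delegation first, then the data access.
REVOKE AUTHORIZE ON KEYSPACE sales FROM sales_admin;
REVOKE SELECT ON KEYSPACE sales FROM sales_reader;
```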
The DSE Authorizer supports the following CQL authorization statements:
Accessing system resources
Read access to these system tables is implicitly given to every authenticated user because the tables are used by most Cassandra tools:
- system.schema_keyspace
- system.schema_columns
- system.schema_columnfamilies
- system.local
- system.peers
Procedure
On each node: