Object permissions
Granting or revoking privileges on database resources.
Object permissions may be assigned using the authorization mechanism for the following
objects:
- keyspace
- table
- function
- aggregate
- roles
- MBeans
Permission is configurable for CQL commands
CREATE
, ALTER
, DROP
, SELECT
,
MODIFY
, and DESCRIBE
, which are used to interact with the
database. The EXECUTE
command may be used to grant permission to a role for the
SELECT
, INSERT
, and UPDATE
commands. In
addition, the AUTHORIZE
command may be used to grant permission for a role to
GRANT
, REVOKE
, or AUTHORIZE
another role's
permissions.
Read access to these system tables is implicitly given to every authenticated user or role because the tables are used by most tools:
- system_schema.keyspaces
- system_schema.columns
- system_schema.tables
- system.local
- system.peers