About permissions
Available permissions
Permissions are granted on a resource to a role; grant a privilege at any level of the resource hierarchy. The full set of available privileges is:
- ALL PERMISSIONS
- ALTER
- AUTHORIZE
- CREATE
- DESCRIBE
- DROP
- EXECUTE
- MODIFY
- PROXY.EXECUTE
- PROXY.LOGIN
- SEARCH.ALTER
- SEARCH.COMMIT
- SEARCH.CREATE
- SEARCH.DROP
- SEARCH.REBUILD
- SEARCH.RELOAD
- SELECT
- role_name
Database resource structure
DataStax Enterprise database resources are the objects to which permissions are applied, and they are arranged in a hierarchy. Granting a permission on a resource higher in the chain automatically grants that same permission on all resources lower down.
Not all privileges apply to every type of resource.
For instance, |
Available objects:
- Functions
  - ALL FUNCTIONS
  - ALL FUNCTIONS IN KEYSPACE <keyspace_name>
  - FUNCTION <keyspace_name.function_name>
- Data
  - ALL KEYSPACES
  - KEYSPACE <keyspace_name>
  - TABLE <table_name>
  - Rows ('<filtering_data>' ROWS IN <table_name>)
  - Indexes (other than search indexes) belong to a table, but permissions cannot be assigned to them directly. ALTER permission on a table allows users to CREATE and DROP indexes.
  - Types belong to a keyspace, but permissions cannot be assigned to them directly. To manage types, set the keyspace permissions to CREATE, DROP or ALTER, which also gives the user the same permissions for tables.
- Search index
  - ALL SEARCH INDICES
  - SEARCH INDICES [<keyspace_name>.]<table_name>
- JMX
  - ALL MBEANS
  - MBEAN <mbean_name>
  - MBEANS <pattern>
- Roles
  - ALL ROLES
  - ROLE <role_name>
  - Roles are both an assignable permission set and a database resource. GRANT <role_name> TO <role_name> gives all the permissions of the first role in the statement to the second role. Use roles to create your own hierarchical permissions structures.
- Remote procedure calls (RPC)
  - ALL OBJECTS
  - OBJECT <object_name>
  - METHOD
- Authentication schemes
  - ALL SCHEMES
  - (LDAP | KERBEROS | INTERNAL) SCHEME
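The following Python sketch is an added example, not DataStax code. It models the two inheritance rules described on this page (a grant on a higher data resource covers everything below it, and GRANT <role_name> TO <role_name> passes permissions on) so that an audit can show which grant gives a role access to a table. The tuple encoding of resources, the role names and the sample grants are constructed; treating ALL PERMISSIONS as matching any privilege is an assumption, and the model ignores which privileges apply to which resource type.

```python
ROOT = "ALL KEYSPACES"  # top of the data hierarchy named on this page

def ancestors(resource):
    """Yield the resource path itself, then each parent up to the root."""
    for end in range(len(resource), 0, -1):
        yield resource[:end]

def expand_roles(role, role_grants):
    """Roles whose permissions `role` holds: itself plus every role reached
    through GRANT <granted> TO <grantee>, followed transitively (cycle-safe)."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(granted for granted, grantee in role_grants
                     if grantee == current)
    return seen

def explain(role, permission, resource, grants, role_grants):
    """Return the (role, resource) grants that give `role` the permission on
    `resource`; an empty list means no access under this model."""
    holders = expand_roles(role, role_grants)
    levels = set(ancestors(resource))
    return sorted(
        (g_role, g_res)
        for g_role, g_perm, g_res in grants
        if g_role in holders
        and g_res in levels
        and g_perm in (permission, "ALL PERMISSIONS")  # assumption, see lead-in
    )

# Constructed sample data: (role, privilege, resource path)
GRANTS = [
    ("reporting", "SELECT", (ROOT, "cycling")),             # keyspace level
    ("ingest", "MODIFY", (ROOT, "cycling", "race_times")),  # table level
    ("dba", "ALL PERMISSIONS", (ROOT,)),                    # whole hierarchy
]
# (granted_role, grantee): GRANT reporting TO alice; GRANT ingest TO alice
ROLE_GRANTS = [("reporting", "alice"), ("ingest", "alice")]

if __name__ == "__main__":
    table = (ROOT, "cycling", "race_times")
    for perm in ("SELECT", "MODIFY", "DROP"):
        print(perm, explain("alice", perm, table, GRANTS, ROLE_GRANTS))
```

An empty result for a role and table means no grant at any level reaches it; a result that names a keyspace or ALL KEYSPACES marks access that came from a broader grant than the table itself.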