Authorizing remote procedure calls (RPC)

Allow users to execute commands on DSE and third-party tools that make calls to Java methods and objects.

DataStax Enterprise supports authentication and role-based access control for Remote Procedure Calls to Java objects and methods.

The syntax for remote calls for the specified procedure on the remote host is:
CALL Object.Method(parameter1, parameter2)

RPC permissions

RPC permissions are role-based to provide fine grained control over which roles can execute which commands. The GRANT and REVOKE CQL commands provide and revoke access to objects and methods.

DataStax Enterprise supports this CQL syntax in cqlsh to grant RPC permissions:
GRANT permission ON ALL REMOTE CALLS TO role;
GRANT EXECUTE ON REMOTE OBJECT object TO role;
GRANT EXECUTE ON REMOTE METHOD object.method TO role;
DataStax Enterprise supports this CQL syntax in cqlsh to revoke RPC permissions:
REVOKE EXECUTE ON ALL REMOTE CALLS FROM role;
REVOKE EXECUTE ON REMOTE OBJECT object FROM role;
REVOKE EXECUTE ON REMOTE METHOD object.method FROM role;
where:
  • EXECUTE is the only permission that applies to RPC.
  • role is the role to grant or revoke authorization to.

Managing the permissions of a large number of users can be considerably simplified through the reuse of a small number of high-level roles.