Search indexes

Syntax for authorizing access to search indexes.

DataStax Enterprise search indexes permissions can only be managed on a Search enabled node. Apply search index permissions in addition to keyspace and table permissions. Access is controlled using modelled hierarchy. Granting and revoking a privilege on a top level object automatically allows the same permission on all ancestors.

Search indexes have the following hierarchy.

Synopsis

Use the following syntax to assign permissions to search resources:
  • ALL SEARCH INDICES
    GRANT permission[, permission ...]
    ON ALL SEARCH INDICES
    TO role_name;
    where permissions are ALL PERMISSIONS, AUTHORIZE [FOR permission_list], SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD
  • SEARCH KEYSPACE keyspace_name
    GRANT permission[, permission ...]
    ON SEARCH KEYSPACE keyspace_name
    TO role_name;
    where permissions are ALL PERMISSIONS, AUTHORIZE, SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD
  • SEARCH INDEX [keyspace_name.]table_name
    GRANT permission[, permission ...]
    ON SEARCH INDEX [keyspace_name.]table_name
    TO role_name;
    where permissions are ALL PERMISSIONS, AUTHORIZE, SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD

Permission matrix

Privilege Resource Permissions
ALL PERMISSIONS ALL SEARCH INDICES All search index privileges for all search indexes systemwide.
ALL PERMISSIONS SEARCH KEYSPACE keyspace_name All search index privileges search indexes on any table in keyspace.
ALL PERMISSIONS SEARCH INDEX table_name All search index privileges for on the table.
SEARCH.ALTER ALL SEARCH INDICES ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all tables in all keyspaces.
Note: Changes to the configuration and schema must be loaded.
SEARCH.ALTER SEARCH KEYSPACE keyspace_name ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all search indexes on any table in the keyspace.
Note: Changes to the configuration and schema must be loaded.
SEARCH.ALTER SEARCH INDEX table_name ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on specified table. Use a keyspace qualified table name when keyspace is not selected.
Note: Changes to the configuration and schema must be loaded.
SEARCH.COMMIT ALL SEARCH INDICES COMMIT SEARCH INDEX on all tables in all keyspaces.
SEARCH.COMMIT SEARCH KEYSPACE keyspace_name COMMIT SEARCH INDEX on all search indexes on any table in the keyspace.
SEARCH.COMMIT SEARCH INDEX table_name COMMIT SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.
SEARCH.CREATE ALL SEARCH INDICES CREATE SEARCH INDEX on all tables all keyspaces.
SEARCH.CREATE SEARCH KEYSPACE keyspace_name CREATE SEARCH INDEX on all search indexes on any table in the keyspace.
SEARCH.CREATE SEARCH INDEX table_name CREATE SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.
SEARCH.DROP ALL SEARCH INDICES DROP SEARCH INDEX on all tables.
SEARCH.DROP SEARCH KEYSPACE keyspace_name DROP SEARCH INDEX on all search indexes on any table in the keyspace.
SEARCH.DROP SEARCH INDEX table_name DROP SEARCH INDEX on specified table.
SEARCH.REBUILD ALL SEARCH INDICES REBUILD SEARCH INDEX on any table in all keyspaces.
SEARCH.REBUILD SEARCH KEYSPACE keyspace_name REBUILD SEARCH INDEX on all search indexes on any table in the keyspace.
SEARCH.REBUILD SEARCH INDEX table_name REBUILD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.
SEARCH.RELOAD ALL SEARCH INDICES RELOAD SEARCH INDEX on all tables in all keyspaces.
SEARCH.RELOAD SEARCH KEYSPACE keyspace_name RELOAD SEARCH INDEX on all search indexes on any table in the keyspace.
SEARCH.RELOAD SEARCH INDEX table_name RELOAD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.