About Database Objects Permissions
DataStax Enterprise supports Role-Based Access Control (RBAC) to ensure that only authorized users can access database resources.
After creating a role, use the following CQL commands to manage permissions:
- GRANT: allows access
- REVOKE: removes access that has been granted
- RESTRICT: explicitly denies access even if permission is granted directly or inherited
- UNRESTRICT: removes a restriction
Resource permissions
The following sections show the relationship between privileges and resources, and describe the resulting permissions. DataStax Enterprise Role-Based Access Control uses a modelled resource hierarchy. Granting a privilege on a top-level object gives the role the same permission on all of its descendant objects.
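The following added example is a simplified model of these rules, not DataStax Enterprise code: it shows a grant flowing down the resource hierarchy and a restriction overriding it. The `RolePermissions` class, the path-style resource names and the `cycling` keyspace are hypothetical, and the model assumes that a restriction on a parent object also covers the objects beneath it.

```python
# Simplified model of GRANT / REVOKE / RESTRICT / UNRESTRICT (not DSE code).
# Constructed resource paths: "data" > "data/cycling" > "data/cycling/races".

def chain(resource):
    """Return the resource and every object above it, most specific first."""
    parts = resource.split("/")
    return ["/".join(parts[:i]) for i in range(len(parts), 0, -1)]


class RolePermissions:
    def __init__(self):
        self.grants = set()        # (permission, resource) pairs set by GRANT
        self.restrictions = set()  # (permission, resource) pairs set by RESTRICT

    def grant(self, permission, resource):
        self.grants.add((permission, resource))

    def revoke(self, permission, resource):
        self.grants.discard((permission, resource))

    def restrict(self, permission, resource):
        self.restrictions.add((permission, resource))

    def unrestrict(self, permission, resource):
        self.restrictions.discard((permission, resource))

    def is_allowed(self, permission, resource):
        path = chain(resource)
        # A restriction wins over any grant, direct or inherited.
        # Assumption: a restriction on a parent also covers its children.
        if any((permission, r) in self.restrictions for r in path):
            return False
        # A grant on the resource itself or on any object above it applies.
        return any((permission, r) in self.grants for r in path)


def demo():
    """Apply GRANT, RESTRICT, UNRESTRICT, REVOKE; record (expenses, races) access."""
    coach, ks = RolePermissions(), "data/cycling"
    expenses, races = ks + "/expenses", ks + "/races"
    steps = [(coach.grant, ks), (coach.restrict, expenses),
             (coach.unrestrict, expenses), (coach.revoke, ks)]
    results = []
    for command, resource in steps:
        command("SELECT", resource)
        results.append((coach.is_allowed("SELECT", expenses),
                        coach.is_allowed("SELECT", races)))
    return results


if __name__ == "__main__":
    print(demo())
```
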
Permissions differ between object types.
- Data resources: Syntax for authorizing access to keyspaces, tables, rows, and types.
- Functions and aggregate resources: Syntax for authorizing access to user-defined functions and aggregates.
- Search indexes: Syntax for authorizing access to search indexes.
- Roles: Syntax for authorizing role management.
- Proxy login and execute: Syntax for authorizing proxy logins and executes.
- Authentication scheme resources: Syntax for authorizing roles for an authentication scheme.
- JMX resources (MBeans) for DSE utilities: Syntax for authorizing access to MBeans from DSE utilities and third-party tools.
- Analytic applications: Syntax for authorizing Spark applications.
- Remote procedure calls: Syntax for authorizing remote procedure calls.