Authorizing Remote Procedure Calls (RPC)

DataStax Enterprise supports authentication and role-based access control for Remote Procedure Calls to Java objects and methods.

Here is the syntax for remote calls for the specified procedure on the remote host:

CALL Object.Method(parameter1, parameter2)

RPC permissions

RPC permissions are role-based to provide fine-grained control over which roles can execute which commands. The GRANT and REVOKE CQL commands provide and revoke access to objects and methods.

DataStax Enterprise supports this CQL syntax in cqlsh to grant RPC permissions:

GRANT <permission> ON ALL REMOTE CALLS TO <role>;
GRANT EXECUTE ON REMOTE OBJECT <object> TO <role>;
GRANT EXECUTE ON REMOTE METHOD <object>.<method> TO <role>;

DataStax Enterprise supports this CQL syntax in cqlsh to revoke RPC permissions:

REVOKE EXECUTE ON ALL REMOTE CALLS FROM <role>;
REVOKE EXECUTE ON REMOTE OBJECT <object> FROM <role>;
REVOKE EXECUTE ON REMOTE METHOD <object>.<method> FROM <role>;

where:

  • EXECUTE is the only permission that applies to RPC.

  • <role> is the role to which you grant or revoke authorization.

Managing the permissions of a large number of users can be considerably simplified through the reuse of a small number of high-level roles.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com