Controlling Access to Search Indexes

Assign access privileges to roles for search index management.

Permissions and syntax

Set access to search indexes using the following syntax:

  • Allow access to search index:

    GRANT <permission_name>
ON (ALL SEARCH INDICES | SEARCH KEYSPACE <keyspace_name> | SEARCH INDEX [<keyspace_name>.]<table_name>)
TO <role_name>;

  • Remove access to search index:

    REVOKE <permission_name>
ON (ALL SEARCH INDICES | SEARCH KEYSPACE <keyspace_name> | SEARCH INDEX [<keyspace_name>.]<table_name>)
FROM <role_name>;

Superuser roles have permission to perform any action, including accessing a search indexes resource without any further explicit authorization.
Search index permissions
permission_name CQL command Description

ALL PERMISSIONS

(all commands below), GRANT, and REVOKE

Perform any search index actions and authorize other roles to use any of the actions below.

SEARCH.ALTER

ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA

Add, drop, and set schema fields and configuration elements in a search index.

SEARCH.COMMIT

COMMIT SEARCH INDEX

Move the search index from RAM buffer to another on-heap memory location that is suitable for searching.

SEARCH.CREATE

CREATE SEARCH INDEX

Define a new search index.

SEARCH.DROP

DROP SEARCH INDEX

Remove a search index.

SEARCH.REBUILD

REBUILD SEARCH INDEX

Rebuilds the index of the search index.

SEARCH.RELOAD

RELOAD SEARCH INDEX

Reloads the search index.

Requirements to GRANT/REVOKE Search Index permissions

Roles that manage Search Index permissions must have AUTHORIZE on the search index resource:

  • Manage permissions for all search indexes:

    GRANT AUTHORIZE FOR <permission_name>
ON ALL SEARCH INDICES
TO <role_name>;

  • Limit permissions to manage permissions to individual tables:

    GRANT AUTHORIZE FOR <permission_name>
ON SEARCH INDEX [<keyspace_name>.]<table_name>
TO <role_name>;

Superuser roles have permission to perform any action, including accessing a search indexes resource without any further explicit authorization.

Procedure

  • Set access to all search indexes:

    GRANT ALL PERMISSIONS ON ALL SEARCH INDICES TO <role_name>;

  • Limit access to a specific table:

    GRANT ALL PERMISSIONS ON SEARCH INDEX [<keyspace_name>.]<table_name>) TO <role_name>;

  • Remove previously granted access to all search indexes:

    REVOKE ALL PERMISSIONS ON ALL SEARCH INDICES FROM <role_name>;

  • Remove previously granted access to a specific table:

    REVOKE ALL PERMISSIONS ON SEARCH INDEX [<keyspace_name>.]<table_name>) FROM <role_name>;

  • List all roles that have access to search indexes:

    LIST ALL PERMISSIONS ON (ALL SEARCH INDICES|[<keyspace_name>.]<table_name>);

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com