Search Indexes
DataStax Enterprise search indexes permissions can only be managed on a Search-enabled node. Apply search index permissions in addition to keyspace and table permissions.
Access is controlled using modelled hierarchy. Granting and revoking a privilege on a top level object automatically allows the same permission on all ancestors.
Search indexes have the following hierarchy.
Synopsis
Use the following syntax to assign permissions to search resources:
-
ALL SEARCH INDICES
GRANT <permission>[, <permission> ...] ON ALL SEARCH INDICES TO <role_name>;where permissions are
ALL PERMISSIONS,AUTHORIZE[FOR permission_list],SEARCH.ALTER,SEARCH.COMMIT,SEARCH.CREATE,SEARCH.DROP,SEARCH.REBUILD, andSEARCH.RELOAD -
SEARCH KEYSPACE <keyspace_name>
GRANT <permission>[, <permission> ...] ON SEARCH KEYSPACE <keyspace_name> TO <role_name>;where permissions are
ALL PERMISSIONS,AUTHORIZE,SEARCH.ALTER,SEARCH.COMMIT,SEARCH.CREATE,SEARCH.DROP,SEARCH.REBUILD,andSEARCH.RELOAD -
SEARCH INDEX [<keyspace_name>.]<table_name>
GRANT <permission>[, <permission> ...] ON SEARCH INDEX [<keyspace_name>.]<table_name> TO <role_name>;where permissions are
ALL PERMISSIONS,AUTHORIZE,SEARCH.ALTER,SEARCH.COMMIT,SEARCH.CREATE,SEARCH.DROP,SEARCH.REBUILD,andSEARCH.RELOAD
Permission matrix
| Privilege | Resource | Permissions | ||
|---|---|---|---|---|
ALL PERMISSIONS |
ALL SEARCH INDICES |
All search index privileges for all search indexes systemwide. |
||
ALL PERMISSIONS |
SEARCH KEYSPACE <keyspace_name> |
All search index privileges search indexes on any table in keyspace. |
||
ALL PERMISSIONS |
SEARCH INDEX <table_name> |
All search index privileges for on the table. |
||
SEARCH.ALTER |
ALL SEARCH INDICES |
ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all tables in all keyspaces.
|
||
SEARCH.ALTER |
SEARCH KEYSPACE <keyspace_name> |
ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all search indexes on any table in the keyspace.
|
||
SEARCH.ALTER |
SEARCH INDEX <table_name> |
ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on specified table. Use a keyspace qualified table name when keyspace is not selected.
|
||
SEARCH.COMMIT |
ALL SEARCH INDICES |
COMMIT SEARCH INDEX on all tables in all keyspaces. |
||
SEARCH.COMMIT |
SEARCH KEYSPACE <keyspace_name> |
COMMIT SEARCH INDEX on all search indexes on any table in the keyspace. |
||
SEARCH.COMMIT |
SEARCH INDEX <table_name> |
COMMIT SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
||
SEARCH.CREATE |
ALL SEARCH INDICES |
CREATE SEARCH INDEX on all tables all keyspaces. |
||
SEARCH.CREATE |
SEARCH KEYSPACE <keyspace_name> |
CREATE SEARCH INDEX on all search indexes on any table in the keyspace. |
||
SEARCH.CREATE |
SEARCH INDEX <table_name> |
CREATE SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
||
SEARCH.DROP |
ALL SEARCH INDICES |
DROP SEARCH INDEX on all tables. |
||
SEARCH.DROP |
SEARCH KEYSPACE <keyspace_name> |
DROP SEARCH INDEX on all search indexes on any table in the keyspace. |
||
SEARCH.DROP |
SEARCH INDEX <table_name> |
DROP SEARCH INDEX on specified table. |
||
SEARCH.REBUILD |
ALL SEARCH INDICES |
REBUILD SEARCH INDEX on any table in all keyspaces. |
||
SEARCH.REBUILD |
SEARCH KEYSPACE <keyspace_name> |
REBUILD SEARCH INDEX on all search indexes on any table in the keyspace. |
||
SEARCH.REBUILD |
SEARCH INDEX <table_name> |
REBUILD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
||
SEARCH.RELOAD |
ALL SEARCH INDICES |
RELOAD SEARCH INDEX on all tables in all keyspaces. |
||
SEARCH.RELOAD |
SEARCH KEYSPACE <keyspace_name> |
RELOAD SEARCH INDEX on all search indexes on any table in the keyspace. |
||
SEARCH.RELOAD |
SEARCH INDEX <table_name> |
RELOAD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
