Search Indexes

DataStax Enterprise (DSE) search indexes permissions can only be managed on a Search-enabled node. Apply search index permissions in addition to keyspace and table permissions.

Access is controlled using modeled hierarchy. Granting and revoking a privilege on a top-level object automatically allows the same permission on all descendants (child objects under the top-level object).

Search indexes have the following hierarchy.

cql search hierarchy

Synopsis

Use the following syntax to assign permissions to search resources:

  • ALL SEARCH INDICES

    GRANT <permission>[, <permission> ...]
ON ALL SEARCH INDICES
TO <role_name>;

    where permissions are ALL PERMISSIONS, AUTHORIZE [FOR permission_list], SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD

  • SEARCH KEYSPACE <keyspace_name>

    GRANT <permission>[, <permission> ...]
ON SEARCH KEYSPACE <keyspace_name>
TO <role_name>;

    where permissions are ALL PERMISSIONS, AUTHORIZE, SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD

  • SEARCH INDEX [<keyspace_name>.]<table_name>

    GRANT <permission>[, <permission> ...]
ON SEARCH INDEX [<keyspace_name>.]<table_name>
TO <role_name>;

    where permissions are ALL PERMISSIONS, AUTHORIZE, SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD

Permission matrix

Permission matrix
Privilege Resource Permissions

ALL PERMISSIONS

ALL SEARCH INDICES

All search index privileges for all search indexes systemwide.

ALL PERMISSIONS

SEARCH KEYSPACE <keyspace_name>

All search index privileges search indexes on any table in keyspace.

ALL PERMISSIONS

SEARCH INDEX <table_name>

All search index privileges for on the table.

SEARCH.ALTER

ALL SEARCH INDICES

ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all tables in all keyspaces.

Changes to the configuration and schema must be loaded.

SEARCH.ALTER

SEARCH KEYSPACE <keyspace_name>

ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all search indexes on any table in the keyspace.

Changes to the configuration and schema must be loaded.

SEARCH.ALTER

SEARCH INDEX <table_name>

ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on specified table. Use a keyspace qualified table name when keyspace is not selected.

Changes to the configuration and schema must be loaded.

SEARCH.COMMIT

ALL SEARCH INDICES

COMMIT SEARCH INDEX on all tables in all keyspaces.

SEARCH.COMMIT

SEARCH KEYSPACE <keyspace_name>

COMMIT SEARCH INDEX on all search indexes on any table in the keyspace.

SEARCH.COMMIT

SEARCH INDEX <table_name>

COMMIT SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.

SEARCH.CREATE

ALL SEARCH INDICES

CREATE SEARCH INDEX on all tables all keyspaces.

SEARCH.CREATE

SEARCH KEYSPACE <keyspace_name>

CREATE SEARCH INDEX on all search indexes on any table in the keyspace.

SEARCH.CREATE

SEARCH INDEX <table_name>

CREATE SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.

SEARCH.DROP

ALL SEARCH INDICES

DROP SEARCH INDEX on all tables.

SEARCH.DROP

SEARCH KEYSPACE <keyspace_name>

DROP SEARCH INDEX on all search indexes on any table in the keyspace.

SEARCH.DROP

SEARCH INDEX <table_name>

DROP SEARCH INDEX on specified table.

SEARCH.REBUILD

ALL SEARCH INDICES

REBUILD SEARCH INDEX on any table in all keyspaces.

SEARCH.REBUILD

SEARCH KEYSPACE <keyspace_name>

REBUILD SEARCH INDEX on all search indexes on any table in the keyspace.

SEARCH.REBUILD

SEARCH INDEX <table_name>

REBUILD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.

SEARCH.RELOAD

ALL SEARCH INDICES

RELOAD SEARCH INDEX on all tables in all keyspaces.

SEARCH.RELOAD

SEARCH KEYSPACE <keyspace_name>

RELOAD SEARCH INDEX on all search indexes on any table in the keyspace.

SEARCH.RELOAD

SEARCH INDEX <table_name>

RELOAD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2025 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM