Search Indexes
DataStax Enterprise (DSE) search indexes permissions can only be managed on a Search-enabled node. Apply search index permissions in addition to keyspace and table permissions.
Access is controlled using modelled hierarchy. Granting and revoking a privilege on a top level object automatically allows the same permission on all descendants.
Search indexes have the following hierarchy.
Synopsis
Use the following syntax to assign permissions to search resources:
-
ALL SEARCH INDICES:GRANT <permission>[, <permission> ...] ON ALL SEARCH INDICES TO <role_name>;The permissions are
ALL PERMISSIONS,AUTHORIZE[FOR permission_list],SEARCH.ALTER,SEARCH.COMMIT,SEARCH.CREATE,SEARCH.DROP,SEARCH.REBUILD, andSEARCH.RELOAD. -
SEARCH KEYSPACE <keyspace_name>:GRANT <permission>[, <permission> ...] ON SEARCH KEYSPACE <keyspace_name> TO <role_name>;The permissions are
ALL PERMISSIONS,AUTHORIZE,SEARCH.ALTER,SEARCH.COMMIT,SEARCH.CREATE,SEARCH.DROP,SEARCH.REBUILD,andSEARCH.RELOAD. -
SEARCH INDEX [<keyspace_name>.]<table_name>:GRANT <permission>[, <permission> ...] ON SEARCH INDEX [<keyspace_name>.]<table_name> TO <role_name>;The permissions are
ALL PERMISSIONS,AUTHORIZE,SEARCH.ALTER,SEARCH.COMMIT,SEARCH.CREATE,SEARCH.DROP,SEARCH.REBUILD,andSEARCH.RELOAD.
Permission matrix
| Privilege | Resource | Permissions |
|---|---|---|
ALL PERMISSIONS |
ALL SEARCH INDICES |
All search index privileges for all search indexes systemwide. |
ALL PERMISSIONS |
SEARCH KEYSPACE <keyspace_name> |
All search index privileges search indexes on any table in keyspace. |
ALL PERMISSIONS |
SEARCH INDEX <table_name> |
All search index privileges for on the table. |
SEARCH.ALTER |
ALL SEARCH INDICES |
ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all tables in all keyspaces. Changes to the configuration and schema must be loaded. |
SEARCH.ALTER |
SEARCH KEYSPACE <keyspace_name> |
ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on all search indexes on any table in the keyspace. Changes to the configuration and schema must be loaded. |
SEARCH.ALTER |
SEARCH INDEX <table_name> |
ALTER SEARCH INDEX CONFIG and ALTER SEARCH INDEX SCHEMA on specified table. Use a keyspace qualified table name when keyspace is not selected. Changes to the configuration and schema must be loaded. |
SEARCH.COMMIT |
ALL SEARCH INDICES |
COMMIT SEARCH INDEX on all tables in all keyspaces. |
SEARCH.COMMIT |
SEARCH KEYSPACE <keyspace_name> |
COMMIT SEARCH INDEX on all search indexes on any table in the keyspace. |
SEARCH.COMMIT |
SEARCH INDEX <table_name> |
COMMIT SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
SEARCH.CREATE |
ALL SEARCH INDICES |
CREATE SEARCH INDEX on all tables all keyspaces. |
SEARCH.CREATE |
SEARCH KEYSPACE <keyspace_name> |
CREATE SEARCH INDEX on all search indexes on any table in the keyspace. |
SEARCH.CREATE |
SEARCH INDEX <table_name> |
CREATE SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
SEARCH.DROP |
ALL SEARCH INDICES |
DROP SEARCH INDEX on all tables. |
SEARCH.DROP |
SEARCH KEYSPACE <keyspace_name> |
DROP SEARCH INDEX on all search indexes on any table in the keyspace. |
SEARCH.DROP |
SEARCH INDEX <table_name> |
DROP SEARCH INDEX on specified table. |
SEARCH.REBUILD |
ALL SEARCH INDICES |
REBUILD SEARCH INDEX on any table in all keyspaces. |
SEARCH.REBUILD |
SEARCH KEYSPACE <keyspace_name> |
REBUILD SEARCH INDEX on all search indexes on any table in the keyspace. |
SEARCH.REBUILD |
SEARCH INDEX <table_name> |
REBUILD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
SEARCH.RELOAD |
ALL SEARCH INDICES |
RELOAD SEARCH INDEX on all tables in all keyspaces. |
SEARCH.RELOAD |
SEARCH KEYSPACE <keyspace_name> |
RELOAD SEARCH INDEX on all search indexes on any table in the keyspace. |
SEARCH.RELOAD |
SEARCH INDEX <table_name> |
RELOAD SEARCH INDEX on specified table. Use a keyspace qualified table name when keyspace is not selected. |
