About Database Objects Permissions
DataStax Enterprise supports Role-Based Access Control (RBAC) to ensure that only authorized users can access database resources.
After creating a role, use the following CQL commands to manage permissions:
- REVOKE removes access that has been granted
- RESTRICT explicitly denies access even if permission is granted directly or inherited
- UNRESTRICT removes a restriction
The following sections show the relationship between privileges and resources, and describe the resulting permissions. DataStax Enterprise database Role-Based Access Control uses a modelled hierarchy. Granting a privilege to a top-level object gives the role the same permission to all of the ancestor objects.
Permissions differ between object types.
- Data resources
Syntax for authorizing access to keyspaces, tables, rows, and types.
- Functions and aggregate resources
Syntax for authorizing access to user-defined functions and aggregates.
- Search indexes
Syntax for authorizing access to search indexes.
Syntax for authorizing role management.
- Proxy login and execute
Syntax for authorizing proxy logins and executes.
- Authentication scheme resources
Syntax for authorizing roles for an authentication scheme.
- JMX resources (MBeans) for DSE utilities
Syntax for authorizing access to MBeans from DSE utilities and third-party tools.
- Analytic applications
Syntax for authorizing Spark applications.
- Remote procedure calls
Syntax for authorizing remote procedure calls.