Data resources

Syntax for authorizing access to keyspaces, tables, rows, and types.

dse.yaml

The location of the dse.yaml file depends on the type of installation:
Package installations /etc/dse/dse.yaml
Tarball installations installation_location/resources/dse/conf/dse.yaml

Data resources are keyspaces, types, table, and rows. Access is controlled using modelled hierarchy. Granting and revoking a privilege on a top level object automatically allows the same permission on all ancestors.

Data resources have the following hierarchy:

Synopsis

Use the following syntax for data resource access control:

Permission matrix

The following table describes the CQL statements enabled on the resource when a privilege is granted to a role :
Privilege type Resource names Permissions
ALL PERMISSIONS ALL KEYSPACES CREATE KEYSPACE and DROP KEYSPACE, as well as all permissions on ancestor objects described in CREATE, ALTER, AUTHORIZE, DESCRIBE, DROP, MODIFY, and SELECT privilege.
ALL PERMISSIONS KEYSPACE ALTER, AUTHORIZE, DESCRIBE, and SELECT privileges on the keyspace and CREATE, ALTER, AUTHORIZE, DESCRIBE, DROP, and SELECT privileges on types, tables, and rows.
ALL PERMISSIONS TABLE MODIFY, SELECT, and AUTHORIZE privileges on the table and all privileges on rows.
ALL PERMISSIONS ROWS MODIFY and SELECT privileges on the rows that match the filtering text.
ALTER ALL KEYSPACES ALTER KEYSPACE, ALTER TABLE, ALTER TYPE, RESTRICT ROWS, and UNRESTRICT ROWS.
ALTER KEYSPACE
ALTER TABLE ALTER TABLE, RESTRICT ROWS, and UNRESTRICT ROWS.
CREATE ALL KEYSPACES CREATE KEYSPACE, CREATE TABLE and CREATE TYPE.
Note: Creating a resource automatically grants AUTHORIZE permission to the role that created it.
CREATE KEYSPACE CREATE TABLE and CREATE TYPE in specified keyspace.
CREATE TABLE CREATE TABLE in specified keyspace.
DESCRIBE ALL KEYSPACES DESCRIBE KEYSPACE, DESCRIBE TABLE, and DESCRIBE TYPE in any keyspace
DESCRIBE KEYSPACE DESCRIBE KEYSPACE, DESCRIBE TABLE, and DESCRIBE TYPE, and DESCRIBE FUNCTION, and DESCRIBE AGGREGATE in specified keyspace
DROP ALL KEYSPACES DROP KEYSPACE, DROP TABLE, and DROP TYPE in any keyspace
DROP KEYSPACE DROP TABLE, and DROP TYPE in specified keyspace
DROP TABLE DROP TABLE
MODIFY ALL KEYSPACES INSERT, UPDATE, DELETE and TRUNCATE on all tables.
MODIFY KEYSPACE INSERT, UPDATE, DELETE and TRUNCATE on any table in specified keyspace.
MODIFY TABLE INSERT, UPDATE, DELETE and TRUNCATE on specified table. See note for tables with materialized views (MVs).
MODIFY ROWS INSERT, UPDATE, DELETE on the partition that matches the 'filtering_data' for the table.
SELECT ALL KEYSPACES SELECT on any table.
SELECT KEYSPACE SELECT on any table in specified keyspace.
SELECT TABLE SELECT on specified table.
SELECT ROWS SELECT on rows that exactly match the 'filtering_data' in specified table.
Note: To modify a base table that has a materialized view (MV) using an INSERT or UPDATE command if access permissions are enabled, a user must be granted MODIFY or ALL PERMISSIONS on the base table.