Controlling access to search indexes
Assign access privileges to roles for search index management.
Permissions and syntax
Set access to search indexes using the following syntax:
- Allow access to a search index:
GRANT permission_name ON (ALL SEARCH INDICES | SEARCH KEYSPACE keyspace_name | SEARCH INDEX [keyspace_name.]table_name) TO role_name;
- Remove access to a search index:
REVOKE permission_name ON (ALL SEARCH INDICES | SEARCH KEYSPACE keyspace_name | SEARCH INDEX [keyspace_name.]table_name) FROM role_name;
permission_name | CQL command | Description |
---|---|---|
ALL PERMISSIONS | (all commands below), , and | Perform any search index actions and authorize other roles to use any of the actions below. |
SEARCH.ALTER | and | Add, drop, and set schema fields and configuration elements in a search index. |
SEARCH.COMMIT | | Move the search index from RAM buffer to another on-heap memory location that is suitable for searching. |
SEARCH.CREATE | | Define a new search index. |
SEARCH.DROP | | Remove a search index. |
SEARCH.REBUILD | | Rebuilds the index of the search index. |
SEARCH.RELOAD | | Reloads the search index. |
Requirements to GRANT/REVOKE Search Index permissions
Roles that manage Search Index permissions must have AUTHORIZE on the search index resource:
- Manage permissions for all search indexes:
GRANT AUTHORIZE FOR permission_name ON ALL SEARCH INDICES TO role_name;
- Limit the authority to manage permissions to individual tables:
GRANT AUTHORIZE FOR permission_name ON SEARCH INDEX [keyspace_name.]table_name TO role_name;
Note: Superuser roles have permission to perform any action, so they do not need to be explicitly granted AUTHORIZE for a permission on a search index resource.
Procedure
- Set access to all search indexes:
GRANT ALL PERMISSIONS ON ALL SEARCH INDICES TO role_name;
- Limit access to a specific table:
GRANT ALL PERMISSIONS ON SEARCH INDEX [keyspace_name.]table_name TO role_name;
- Remove previously granted access to all search indexes:
REVOKE ALL PERMISSIONS ON ALL SEARCH INDICES FROM role_name;
- Remove previously granted access to a specific table:
REVOKE ALL PERMISSIONS ON SEARCH INDEX [keyspace_name.]table_name FROM role_name;
- List all roles that have access to search indexes:
LIST ALL PERMISSIONS ON (ALL SEARCH INDICES|[keyspace_name.]table_name);
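The following added example (not part of the original documentation) applies the syntax above to a least-privilege layout: an operator role limited to two actions on one index, and a separate role that may only delegate one of those actions. The role names search_operator and search_delegate and the table shop.orders are hypothetical.

```cql
-- Hypothetical names throughout: roles search_operator and search_delegate,
-- table shop.orders with an existing search index.

-- Broad form from the procedure, shown commented out for contrast.
-- It lets the role perform every search index action on every index:
-- GRANT ALL PERMISSIONS ON ALL SEARCH INDICES TO search_operator;

-- Non-login roles that act as permission bundles for real users.
CREATE ROLE IF NOT EXISTS search_operator WITH LOGIN = false;
CREATE ROLE IF NOT EXISTS search_delegate WITH LOGIN = false;

-- Scoped form: the operator can rebuild and reload the index on one
-- table only, and cannot create, alter, or drop any search index.
GRANT SEARCH.REBUILD ON SEARCH INDEX shop.orders TO search_operator;
GRANT SEARCH.RELOAD ON SEARCH INDEX shop.orders TO search_operator;

-- Separation of duties: the delegate manages who holds SEARCH.REBUILD
-- on this one index, without holding the permission to run it.
GRANT AUTHORIZE FOR SEARCH.REBUILD ON SEARCH INDEX shop.orders TO search_delegate;

-- Review what each role holds after the change.
LIST ALL PERMISSIONS OF search_operator;
LIST ALL PERMISSIONS OF search_delegate;

-- Withdraw a single permission without touching the other grant.
REVOKE SEARCH.RELOAD ON SEARCH INDEX shop.orders FROM search_operator;
```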