Search indexes
Syntax for authorizing access to search indexes.
DataStax Enterprise search indexes permissions can only be managed on a Search enabled node. Apply search index permissions in addition to keyspace and table permissions. Access is controlled using modelled hierarchy. Granting and revoking a privilege on a top level object automatically allows the same permission on all ancestors.
Search indexes have the following hierarchy.
Synopsis
Use the following syntax to assign permissions to search resources:
- ALL SEARCH INDICES
GRANT permission[, permission ...] ON ALL SEARCH INDICES TO role_name;
where permissions are ALL PERMISSIONS, AUTHORIZE [FOR permission_list], SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD - SEARCH KEYSPACE
keyspace_name
GRANT permission[, permission ...] ON SEARCH KEYSPACE keyspace_name TO role_name;
where permissions are ALL PERMISSIONS, AUTHORIZE, SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD - SEARCH INDEX
[keyspace_name.]table_name
GRANT permission[, permission ...] ON SEARCH INDEX [keyspace_name.]table_name TO role_name;
where permissions are ALL PERMISSIONS, AUTHORIZE, SEARCH.ALTER, SEARCH.COMMIT, SEARCH.CREATE, SEARCH.DROP, SEARCH.REBUILD, and SEARCH.RELOAD
Permission matrix
| Privilege | Resource | Permissions |
|---|---|---|
| ALL PERMISSIONS | ALL SEARCH INDICES | All search index privileges for all search indexes systemwide. |
| ALL PERMISSIONS | SEARCH KEYSPACE keyspace_name | All search index privileges search indexes on any table in keyspace. |
| ALL PERMISSIONS | SEARCH INDEX table_name | All search index privileges for on the table. |
| SEARCH.ALTER | ALL SEARCH INDICES | and on all tables in all
keyspaces. Note: Changes to the configuration and schema must be
loaded. |
| SEARCH.ALTER | SEARCH KEYSPACE keyspace_name | and on all search indexes on any table in the
keyspace. Note: Changes to the configuration and schema must be
loaded. |
| SEARCH.ALTER | SEARCH INDEX table_name | and on specified table. Use a keyspace
qualified table name when keyspace is not selected. Note: Changes to the
configuration and schema must be loaded. |
| SEARCH.COMMIT | ALL SEARCH INDICES | on all tables in all keyspaces. |
| SEARCH.COMMIT | SEARCH KEYSPACE keyspace_name | on all search indexes on any table in the keyspace. |
| SEARCH.COMMIT | SEARCH INDEX table_name | on specified table. Use a keyspace qualified table name when keyspace is not selected. |
| SEARCH.CREATE | ALL SEARCH INDICES | on all tables all keyspaces. |
| SEARCH.CREATE | SEARCH KEYSPACE keyspace_name | on all search indexes on any table in the keyspace. |
| SEARCH.CREATE | SEARCH INDEX table_name | on specified table. Use a keyspace qualified table name when keyspace is not selected. |
| SEARCH.DROP | ALL SEARCH INDICES | on all tables. |
| SEARCH.DROP | SEARCH KEYSPACE keyspace_name | on all search indexes on any table in the keyspace. |
| SEARCH.DROP | SEARCH INDEX table_name | on specified table. |
| SEARCH.REBUILD | ALL SEARCH INDICES | on any table in all keyspaces. |
| SEARCH.REBUILD | SEARCH KEYSPACE keyspace_name | on all search indexes on any table in the keyspace. |
| SEARCH.REBUILD | SEARCH INDEX table_name | on specified table. Use a keyspace qualified table name when keyspace is not selected. |
| SEARCH.RELOAD | ALL SEARCH INDICES | on all tables in all keyspaces. |
| SEARCH.RELOAD | SEARCH KEYSPACE keyspace_name | on all search indexes on any table in the keyspace. |
| SEARCH.RELOAD | SEARCH INDEX table_name | on specified table. Use a keyspace qualified table name when keyspace is not selected. |