Cassandra Alter Roles

In this post, we will discuss how to alter Cassandra’s roles, allowing you to change the password of a given role, superuser status, and login parameters.

Let’s dive in.

Cassandra Create Role Command Syntax

The following snippet shows the syntax of the create role in Cassandra:

The following are the parameters in the given syntax:

Role_name – This specifies the name that is used to identify a given role.
SUPERUSER – Setting the SUPERUSER value to true automatically grants AUTHORIZE, GRANT, and DROP on all roles.
LOGIN – If set to true, the created role is treated as a standard account, allowing that username to log in with a username and password. By default, this value is set to false.
PASSWORD – It specifies the password that the role will use to log in. Pair this value with LOGIN = true. Otherwise, skip.
OPTIONS – Specifies the options for configured authentication plugins.

Example 1: Create a Login Account

The following example shows how to create a login user using the CREATE ROLE command:

cqlsh> CREATE ROLE linuxhint
... WITH PASSWORD = 'password'
... AND LOGIN = true;

Setting the PASSWORD and LOGIN = true allows you to create a standard user. You can then login into the server with the created user as:

LOGIN linuxhint
The command prompts you to enter a password for the specified username. Once authenticated, the prompt should reflect the logged-in user as follows:

linuxhint@cqlsh>

Example 2: Creating a Role

To create a Cassandra role, we can run the following command:

cassandra@cqlsh> CREATE ROLE admin;

The previous commands create a new role called admin. Keep in mind that a role does not contain any permissions by default.

We can assign a role to various permissions using the GRANT command. For example, we can set ALL permissions to the admin role on a given keyspace by running the following command:

cassandra@cqlsh> GRANT ALL PERMISSIONS ON KEYSPACE linuxhint to admin;

The previous command assigns ALL PERMISSIONS to the admin role on the Linuxhint keyspace.

We can then assign the role to a specific user as shown in the following:

cassandra@cqlsh> GRANT admin TO linuxhint;

The previous command assigns the admin role to the Linuxhint user.

We can view the permissions of the user with the following command:

cassandra@cqlsh> LIST ALL PERMISSIONS OF linuxhint;

Output

The command returns the detailed permission information including the role to which that username belongs, the target keyspace, and the permissions.

Cassandra Alter Role

The following shows the syntax of the ALTER ROLE command in Cassandra:

ALTER ROLE role_name
[WITH [PASSWORD = 'password']
[LOGIN = true | false]
[SUPERUSER = true | false]
[OPTIONS = map_literal]]

For example, to change the password of the Linuxhint that was created earlier, we can run the following command:

cassandra@cqlsh> ALTER ROLE linuxhint WITH PASSWORD = 'new_password';

To disable the login, we can run the following command:

cassandra@cqlsh> ALTER ROLE linuxhint WITH PASSWORD = 'new_password' AND LOGIN = false;

Finally, to alter the SUPERUSER status, run the following command:

cassandra@cqlsh> ALTER ROLE linuxhint WITH PASSWORD = 'new_password' AND SUPERUSER = false;

Conclusion

In this article, we covered the basics of using the Cassandra ALTER ROLE command to alter the various properties of a given role.

Thanks for reading!