Apache Cassandra

Cassandra Create Role

2 years ago
by John Otieno

This tutorial will teach you how to create and manage database roles in a Cassandra cluster. Roles govern the permissions and privileges accessed by database users on various objects. For example, you can have roles to allow a set of users to read but not write to a given database.

Let us explore how we can create various types of roles in a Cassandra cluster.

Cassandra Create Role Command Syntax

The snippet below shows the syntax of the create role in Cassandra:

CREATE ROLE [IF NOT EXISTS] role_name
[WITH SUPERUSER = true | false
| LOGIN = true | false
| PASSWORD =  'password'
| OPTIONS = option_map]

The following are the parameters in the syntax above:

  1. Role_name – this specifies the name used to identify a given role. Keep in mind that Cassandra will not letter case unless the name is enclosed in quotation marks.
  2. SUPERUSER – Setting the SUPERUSER value to true automatically grants AUTHORIZE, GRANT, and DROP on all roles. This allows superusers to manage other roles in the database.
  3. LOGIN – If set to true, the created role is treated as a standard account, allowing that username to log in with a username and password. By default, this value is set to false.
  4. PASSWORD – specifies the password with which the role will use to login. Pair this value with LOGIN = true. Otherwise, skip.
  5. OPTIONS – Specifies options for configured authentication plugins.

Example 1 – Create a Login Account

The following example shows how to create a login user using the CREATE ROLE command:

cqlsh> CREATE ROLE linuxhint
... WITH PASSWORD = 'password'
... AND LOGIN = true;

Setting the PASSWORD and LOGIN = true allows you to create a standard user. You can then login into the server with the created user as:

LOGIN linuxhint

The command will prompt you to enter a password for the specified username. Once authenticated, the prompt should reflect the logged-in user as:

linuxhint@cqlsh>

Example 2 – Creating a Role

To create a Cassandra role, we can run the command:

cassandra@cqlsh> CREATE ROLE admin;

The command above will create a new role called admin. Keep in mind that a role does not contain any permissions by default.

We can assign a role various permissions using the GRANT command. For example, we can assign ALL permissions to the admin role on a given keyspace by running the command:

cassandra@cqlsh> GRANT ALL PERMISSIONS ON KEYSPACE linuxhint to admin;

The command above will assign ALL PERMISSIONS to the admin role on the linuxhint keyspace.

We can then assign the role to a specific user as shown:

cassandra@cqlsh> GRANT admin TO linuxhint;

The command above will assign the admin role to the linuxhint user.

We can view the permissions of the user with the command:

cassandra@cqlsh> LIST ALL PERMISSIONS OF linuxhint;

Output:

role  | username | resource             | permission
-------+----------+----------------------+------------
admin |    admin | <keyspace linuxhint> |     CREATE
admin |    admin | <keyspace linuxhint> |      ALTER
admin |    admin | <keyspace linuxhint> |       DROP
admin |    admin | <keyspace linuxhint> |     SELECT
admin |    admin | <keyspace linuxhint> |     MODIFY
admin |    admin | <keyspace linuxhint> |  AUTHORIZE

(6 rows)

The command will return detailed permission information, including the role to which that username belongs, the target keyspace, and the permissions.

Conclusion

In this post, we covered how to create various roles in Cassandra using the CREATE ROLE command. Feel free to check the docs for more.

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

View all posts