Apache Cassandra

Cassandra Drop Roles

A database role is a collection of permissions that can be granted to one or more users of a database. A role can also be granted to other roles, which lets groups of users perform specific actions on the databases in the cluster. Apache Cassandra uses roles and permissions to manage user security.

In this tutorial, you will learn how to manage Cassandra roles: how to create them and how to remove them from the cluster.

Cassandra Create Role

In Apache Cassandra, we can create a role using the CREATE ROLE command followed by the role’s name.

A role created this way, without options, has no login capability and no superuser privileges. The syntax for creating a role in Cassandra is as follows:

CREATE ROLE [IF NOT EXISTS] role_name
[WITH SUPERUSER = true | false
| LOGIN = true | false
| PASSWORD =  'password'
| OPTIONS = option_map]

Let us take a simple example of creating a role in a Cassandra cluster.

cassandra@cqlsh> CREATE ROLE database_admin;

By default, creating a role does not assign any privileges unless you specify the SUPERUSER privilege during creation.

You can assign or remove permissions for a specific role using the GRANT or REVOKE commands. For example, the following command assigns all permissions on a given keyspace to the database_admin role:

cassandra@cqlsh> GRANT ALL PERMISSIONS on KEYSPACE linuxhint TO database_admin;

Once you assign permissions to a role, you can grant that role to users in the cluster.

For example, to assign the database_admin role to a user called “linuxhint”, run the following command:

cassandra@cqlsh> GRANT database_admin TO linuxhint;

We can then view the permissions of the “database_admin” role with the following command:

cassandra@cqlsh> LIST ALL PERMISSIONS OF database_admin;

This should return all the permissions of the database_admin role. Example output:

 role           | username       | resource             | permission
----------------+----------------+----------------------+------------
 database_admin | database_admin | <keyspace linuxhint> |     CREATE
 database_admin | database_admin | <keyspace linuxhint> |      ALTER
 database_admin | database_admin | <keyspace linuxhint> |       DROP
 database_admin | database_admin | <keyspace linuxhint> |     SELECT
 database_admin | database_admin | <keyspace linuxhint> |     MODIFY
 database_admin | database_admin | <keyspace linuxhint> |  AUTHORIZE
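
An added example, not part of the original tutorial: a Python check that parses cqlsh output like the table above and compares each role's grants to an allow-list. The report_reader row and the POLICY allow-list are constructed for illustration; AUTHORIZE is reported separately because it lets a role grant or revoke permissions on that resource.

```python
from collections import defaultdict

# Constructed sample of cqlsh output; the report_reader row is hypothetical.
SAMPLE = """\
 role           | username       | resource             | permission
----------------+----------------+----------------------+------------
 database_admin | database_admin | <keyspace linuxhint> |     CREATE
 database_admin | database_admin | <keyspace linuxhint> |      ALTER
 database_admin | database_admin | <keyspace linuxhint> |       DROP
 database_admin | database_admin | <keyspace linuxhint> |     SELECT
 database_admin | database_admin | <keyspace linuxhint> |     MODIFY
 database_admin | database_admin | <keyspace linuxhint> |  AUTHORIZE
 report_reader  | report_reader  | <keyspace linuxhint> |     SELECT

(7 rows)
"""

# Hypothetical allow-list: the permissions each role is expected to hold.
POLICY = {"database_admin": {"SELECT", "MODIFY"}, "report_reader": {"SELECT"}}


def parse_permissions(text):
    """Return {(role, resource): set(permissions)} from cqlsh table output."""
    grants = defaultdict(set)
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Data rows have four cells; this skips the header, the ---+---
        # separator, blank lines and the "(N rows)" footer.
        if len(cells) != 4 or cells[0] == "role":
            continue
        role, _username, resource, permission = cells
        grants[(role, resource)].add(permission.upper())
    return dict(grants)


def audit(grants, policy):
    """List (role, resource, excess, can_delegate) for grants outside policy."""
    findings = []
    for (role, resource), perms in sorted(grants.items()):
        excess = sorted(perms - policy.get(role, set()))
        can_delegate = "AUTHORIZE" in perms  # may GRANT/REVOKE on the resource
        if excess or can_delegate:
            findings.append((role, resource, excess, can_delegate))
    return findings


if __name__ == "__main__":
    for role, resource, excess, can_delegate in audit(parse_permissions(SAMPLE), POLICY):
        print(f"{role} on {resource}: excess={excess} can_delegate={can_delegate}")
```
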

Cassandra Drop Role

Once a role is no longer relevant, you can remove it using the DROP ROLE command. The syntax is as shown:

DROP ROLE [IF EXISTS] role_name;

For example, to remove the database_admin role that we created earlier, we can run the following command:

cassandra@cqlsh> DROP ROLE IF EXISTS database_admin;

To verify the removal, list the permissions of that role:

cassandra@cqlsh> LIST ALL PERMISSIONS OF database_admin;

This returns an error since the role no longer exists on the cluster.

InvalidRequest: Error from server: code=2200 [Invalid query] message="<role database_admin> doesn't exist"

Conclusion

In this article, you learned how to create and manage roles in Apache Cassandra and how to delete roles from a cluster.

About the author

John Otieno