Apache Cassandra

Cassandra List Roles

2 years ago
by John Otieno

Apache Cassandra utilizes the roles to manage the security for various types of users with access to the cluster. In addition, Cassandra allows you to define the multiple types of roles and assign them to the users within that cluster.

Each role contains a set of permissions that any user within that role can perform. For example, a specific role can only create, alter, and select the keyspaces and tables.

This ensures that only the users with specific permission can perform the various tasks within the cluster.

This article walks you through creating a role and viewing the available roles in the cluster.

Cassandra Create Role with Password

Using the CREATE ROLE and WITH PASSWORD keywords, we can create a role with a password.

An example is as shown:

cassandra@cqlsh> CREATE ROLE IF NOT EXISTS devops WITH PASSWORD = 'devops';

 
The previous command creates a role called devops with the specified password. To add the superuser privileges to an already existing role, you can use the ALTER ROLE command as shown:

cassandra@cqlsh> ALTER ROLE devops WITH PASSWORD = 'devops' AND SUPERUSER = true;

 
The previous command adds the superuser privileges to the specified role. Superuser privileges allow that role to modify the other roles and users within the cluster.

Cassandra Create User

To create a user in Cassandra, we use the CREATE ROLE keyword and set the LOGIN to true. An example is as shown:

cassandra@cqlsh> CREATE ROLE 'cap' WITH PASSWORD = 'password' AND LOGIN = true;

 
This creates a normal user with the specified username and password. You can then login as that user using the LOGIN keyword as:

cassandra@cqlsh> LOGIN cap
Password:b <enter password>
cap@cqlsh>

 

Cassandra Grant Role to a User

To grant a role to a specific user, we can use the GRANT keyword as shown in the following example:

cassandra@cqlsh> GRANT devops TO cap;

 
This grants the devops role to the username “cap”.

Cassandra List Roles

To view the roles in the cluster, we can use the LIST ROLES command as:

cassandra@cqlsh> LIST ROLES;

 
This should return all the available roles in the cluster.

NOTE: Any role with the login set to True is treated as a normal user.


To show the roles of a specific user, we can use the OF keyword as shown:

 cassandra@cqlsh> LIST ROLES OF cap;

 
This should return the roles that belong to the specified username.

role   | super | login | options | datacenters
--------+-------+-------+---------+-------------
    cap | False |  True |        {} |         ALL
 devops |  True | False |        {} |         ALL

 
In this case, the username “cap” has two roles.

Conclusion

In this article, you learned how to work with roles in Apache Cassandra, create various roles, and grant a role to a specific user.

Thanks for reading!

About the author

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

View all posts