Controlling access
We've now created a user account for our data analytics team, but so far that user can't actually do anything in our database. We'd like to give the data analytics team read access to all the data in our application's keyspace, but no ability to modify data or schema structures. To do this, we'll use the GRANT command:
GRANT SELECT PERMISSION ON KEYSPACE "my_status" TO 'data_analytics';
Now the data_analytics user can read the data from any table in the my_status keyspace; however, it can't make any modifications to anything. The SELECT permission we used above is one of six that Cassandra makes available:
|
Permission |
Description |
CQL commands allowed |
|---|---|---|
|
|
Read data |
|
|
|
Add, update, and remove data in existing tables |
|
|
|
Create keyspaces and tables |
|
|
|
Modify the structure of existing keyspaces and tables |
|
