0

While exploring cassandra, Is it possible in cassandra that if I created an user "test" and I have multiple keypsaces so if I am logging cqlsh with "test" then I can see only selected keyspaces not others.admin can view or switch all keypsaces. please help if any idea or correct me.

Thanks in advance.

LetsNoSQL
  • 1,478
  • 1
  • 11
  • 23

2 Answers2

4

Permissions (Data Control)

https://docs.scylladb.com/operating-scylla/security/authorization/#data-control

Permission     Resource     Operations
AUTHORIZE   ALL KEYSPACES   GRANT PERMISSION and REVOKE PERMISSION on any table
AUTHORIZE      KEYSPACE     GRANT PERMISSION and REVOKE PERMISSION on any table in specified keyspace
AUTHORIZE        TABLE      GRANT PERMISSION and REVOKE PERMISSION on specified table

GRANT permissions

https://docs.scylladb.com/operating-scylla/security/authorization/#grant-permission

AND / OR

RBAC (Role Based Access Control)

https://docs.scylladb.com/operating-scylla/security/authorization/#database-roles

Will be a good way of accomplishing what you are aiming for

TomerSan
  • 1,576
  • 6
  • 12
  • But my question is if I have "test" user when he will login can see only selected keyspace if run "DESC KEYSPACES". is it possible in Scylla? – LetsNoSQL Feb 19 '19 at 11:47
1

GRANT command should work. Though test user will be able to see other keyspaces, operation will not be possible unless given permission. If test user has SELECT grant on particular keyspace it will be able to only issue select query on tables in that keyspace.

https://docs.datastax.com/en/cql/3.3/cql/cql_reference/cqlGrant.html

undefined_variable
  • 6,180
  • 2
  • 22
  • 37
  • But my question is if I have "test" user when he will login can see only selected keyspace if run "DESC KEYSPACES". – LetsNoSQL Feb 19 '19 at 11:47