Supplies modules for administering Cassandra roles and granting permissions to those roles.
- Enable authentication in Cassandra
- Have
cassandra-driver
python package installed on the target machine
E.g. set the following properties in /etc/cassandra/cassandra.yml
:
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
Once this is updated and the cluster restarted a default user of cassandra
with password cassandra
will be required
to login.
This config change and restart must be applied before you can add permissions.
The package is: cassandra-driver
and it can be install via pip
.
Docs: https://datastax.github.io/python-driver/api/cassandra/query.html
In Cassandra's permissioning system, there are just roles. However, roles can (optionally) login and roles can inherit other roles (so roles can be used in a very user-like way).
A suggested setup would be have 'role' roles which can't login (but are granted the keyspace permissions), and 'user' roles which can login and inherit their permissions from roles.
e.g.
- Create role
role_select_all
who can not login but is granted access to select anything from any keyspace/table. - Create 'pseudo-user' (a role which can login) and assign them the role
role_select_all
.
See example-tasks
for how this can be done.
Written in comments in library/*
.