Cassandra

Cassandra

nodetool status

bin/cqlsh localhost
SELECT cluster_name, listen_address FROM system.local;

Intial Security

• Update /etc/cassandra/yaml to add password authentification

Old value:
authenticator: AllowAllAuthenticator

Change with this new value:
authenticator: PasswordAuthenticator

Old value:
authorizer: AllowAllAuthorizer

Change with this new value:
authorizer: CassandraAuthorizer

• Test new configuration

cqlsh -u cassandra -p cassandra

• Change default cassandra password

ALTER USER cassandra WITH PASSWORD 'newPassword';

• Create a backup Admin

CREATE ROLE myadmin WITH PASSWORD = 'myAdminPassword' AND LOGIN = true AND SUPERUSER = true;

Key space management

• List all keyspaces

SELECT * FROM system_schema.keyspaces;

• Create a keyspace

create KEYSPACE myKeyspace WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1': 3};

• Remove a keyspace

DROP KEYSPACE myKeyspace;

Manage Roles

• Create a role that has all permissions in all keyspaces:

CREATE ROLE keyspace_admin;
GRANT ALL PERMISSIONS ON ALL KEYSPACES TO keyspace_admin;
GRANT keyspace_admin to martin;

• Create an administrator role for a single keyspace:

CREATE ROLE cycling_admin;
GRANT ALL PERMISSIONS ON KEYSPACE cycling to cycling_admin;
GRANT cycling_admin TO sandy;

• Create a role that can only make data changes, INSERT, UPDATE, DELETE, and TRUNCATE for any table in the keyspace cycling:

GRANT MODIFY ON KEYSPACE cycling TO team_manager;
GRANT team_manager to sandy;

• Create a role that can only select data and use functions in the cycling keyspace:

CREATE ROLE cyclist_analyst;
GRANT SELECT ON KEYSPACE cycling TO cyclist_analyst;
GRANT EXECUTE ON ALL FUNCTIONS IN KEYSPACE cycling to cyclist_analyst;
GRANT cyclist_analyst TO wilson;

• Remove a role

DROP ROLE myRole;

• List Roles

LIST ROLES;

• List Roles of a user

LIST ROLES OF myUser;

• List Permissions

LIST All PERMISSIONS;