Cassandra: Difference between revisions
(5 intermediate revisions by the same user not shown) | |||
Line 10: | Line 10: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Intial | === Intial Security === | ||
* Update /etc/cassandra/yaml to add password authentification | * Update /etc/cassandra/yaml to add password authentification | ||
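Review bot: the completed heading still reads "Intial Security", and the bullet under it says "authentification". Suggest "Initial Security" and "authentication" while the heading is being touched.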
Line 19: | Line 19: | ||
Change with this new value: | Change with this new value: | ||
authenticator: PasswordAuthenticator | authenticator: PasswordAuthenticator | ||
</pre> | |||
<pre> | |||
Old value: | |||
authorizer: AllowAllAuthorizer | |||
Change with this new value: | |||
authorizer: CassandraAuthorizer | |||
</pre> | </pre> | ||
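Review bot: the added authorizer block has no bullet of its own, and the step above it only mentions adding password authentication. Suggest a separate bullet, or rewording the existing one, so readers see that authorization is also switched from AllowAllAuthorizer to CassandraAuthorizer.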
Line 33: | Line 41: | ||
* Create a backup Admin | * Create a backup Admin | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
CREATE ROLE myadmin WITH PASSWORD = 'myAdminPassword' AND LOGIN = true AND SUPERUSER = true; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Key space | === Key space management === | ||
* List all keyspaces | * List all keyspaces | ||
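Review bot: the added CREATE ROLE myadmin statement sits inside a syntaxhighlight block tagged lang="bash", but it is a CQL statement. Suggest lang="sql", as the role examples added further down use. The literal 'myAdminPassword' would also read better as an obvious placeholder.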
Line 43: | Line 51: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* Create a keyspace | |||
<syntaxhighlight lang="sql"> | |||
create KEYSPACE myKeyspace WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1': 3}; | |||
</syntaxhighlight> | |||
* Remove a keyspace | |||
<syntaxhighlight lang="sql"> | |||
DROP KEYSPACE myKeyspace; | |||
</syntaxhighlight> | |||
=== Manage Roles === | |||
* Create a role that has all permissions in all keyspaces: | |||
<syntaxhighlight lang="sql"> | <syntaxhighlight lang="sql"> | ||
CREATE ROLE keyspace_admin; | |||
GRANT ALL PERMISSIONS ON ALL KEYSPACES TO keyspace_admin; | |||
GRANT keyspace_admin to martin; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
* Create an administrator role for a single keyspace: | |||
<syntaxhighlight lang="sql"> | |||
CREATE ROLE cycling_admin; | |||
GRANT ALL PERMISSIONS ON KEYSPACE cycling to cycling_admin; | |||
GRANT cycling_admin TO sandy; | |||
</syntaxhighlight> | |||
<syntaxhighlight lang=" | * Create a role that can only make data changes, INSERT, UPDATE, DELETE, and TRUNCATE for any table in the keyspace cycling: | ||
<syntaxhighlight lang="sql"> | |||
GRANT MODIFY ON KEYSPACE cycling TO team_manager; | |||
GRANT team_manager to sandy; | |||
</syntaxhighlight> | |||
* Create a role that can only select data and use functions in the cycling keyspace: | |||
<syntaxhighlight lang="sql"> | |||
CREATE ROLE cyclist_analyst; | |||
GRANT SELECT ON KEYSPACE cycling TO cyclist_analyst; | |||
GRANT EXECUTE ON ALL FUNCTIONS IN KEYSPACE cycling to cyclist_analyst; | |||
GRANT cyclist_analyst TO wilson; | |||
</syntaxhighlight> | |||
* Remove a role | |||
<syntaxhighlight lang="sql"> | |||
DROP ROLE myRole; | |||
</syntaxhighlight> | |||
* List Roles | |||
<syntaxhighlight lang="sql"> | |||
LIST ROLES; | |||
</syntaxhighlight> | |||
* List Roles of a user | |||
<syntaxhighlight lang="sql"> | |||
LIST ROLES OF myUser; | |||
</syntaxhighlight> | |||
* List Permissions | |||
<syntaxhighlight lang="sql"> | |||
LIST All PERMISSIONS; | |||
</syntaxhighlight> | </syntaxhighlight> |
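Review bot: in the data-changes example, GRANT MODIFY ON KEYSPACE cycling TO team_manager is issued without a preceding CREATE ROLE team_manager, unlike the other role examples in this hunk, which each start with CREATE ROLE. Suggest adding the CREATE ROLE line so the example can be run as written.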
Latest revision as of 04:11, 12 October 2020
Cassandra
nodetool status
bin/cqlsh localhost
SELECT cluster_name, listen_address FROM system.local;
Initial Security
- Update /etc/cassandra/yaml to add password authentication and role-based authorization
Old value:
authenticator: AllowAllAuthenticator
Change to this new value:
authenticator: PasswordAuthenticator

Old value:
authorizer: AllowAllAuthorizer
Change to this new value:
authorizer: CassandraAuthorizer
- Test new configuration
cqlsh -u cassandra -p cassandra
- Change default cassandra password
ALTER USER cassandra WITH PASSWORD 'newPassword';
- Create a backup Admin
CREATE ROLE myadmin WITH PASSWORD = 'myAdminPassword' AND LOGIN = true AND SUPERUSER = true;
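To confirm that both settings from the first step are in place on a node, the check below reads the configuration text and reports any remaining AllowAll value. It is an added example, not part of the original wiki page; the function names and the sample configuration are constructed for illustration, and the treatment of an unset key as AllowAll is an assumption.

```python
import re

# Insecure defaults the page replaces, with what each one means in practice.
INSECURE = {
    "authenticator": ("AllowAllAuthenticator", "clients connect without credentials"),
    "authorizer": ("AllowAllAuthorizer", "every authenticated role can do anything"),
}
LINE = re.compile(r"^(\w+):\s*(.*?)\s*(?:#.*)?$")

def read_settings(yaml_text):
    """Top-level `key: value` scalars; comments and indented keys are skipped."""
    settings = {}
    for line in yaml_text.splitlines():
        m = LINE.match(line)
        if m and m.group(2):
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def audit(yaml_text):
    """Return one finding per weak setting; an empty list means both are hardened."""
    settings = read_settings(yaml_text)
    findings = []
    for key, (insecure, impact) in INSECURE.items():
        value = settings.get(key)
        if value is None:
            # Assumption: an unset key falls back to the AllowAll implementation.
            findings.append(f"{key}: not set, defaults to {insecure} ({impact})")
        elif value.rsplit(".", 1)[-1] == insecure:  # accept fully qualified names
            findings.append(f"{key}: {value} ({impact})")
    return findings

# Constructed sample: authentication enabled, authorizer still at its old value.
SAMPLE = """\
cluster_name: 'Test Cluster'
# authenticator: AllowAllAuthenticator
authenticator: PasswordAuthenticator
authorizer: AllowAllAuthorizer
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["authenticator and authorizer are hardened"]:
        print(finding)
```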
Keyspace management
- List all keyspaces
SELECT * FROM system_schema.keyspaces;
- Create a keyspace
CREATE KEYSPACE myKeyspace WITH replication = {'class': 'NetworkTopologyStrategy', 'datacenter1': 3};
- Remove a keyspace
DROP KEYSPACE myKeyspace;
Manage Roles
- Create a role that has all permissions in all keyspaces:
CREATE ROLE keyspace_admin;
GRANT ALL PERMISSIONS ON ALL KEYSPACES TO keyspace_admin;
GRANT keyspace_admin to martin;
- Create an administrator role for a single keyspace:
CREATE ROLE cycling_admin;
GRANT ALL PERMISSIONS ON KEYSPACE cycling to cycling_admin;
GRANT cycling_admin TO sandy;
- Create a role that can only make data changes (INSERT, UPDATE, DELETE, and TRUNCATE) on any table in the keyspace cycling:
-- The role must exist before permissions can be granted to it
CREATE ROLE team_manager;
GRANT MODIFY ON KEYSPACE cycling TO team_manager;
GRANT team_manager TO sandy;
- Create a role that can only select data and use functions in the cycling keyspace:
CREATE ROLE cyclist_analyst;
GRANT SELECT ON KEYSPACE cycling TO cyclist_analyst;
GRANT EXECUTE ON ALL FUNCTIONS IN KEYSPACE cycling to cyclist_analyst;
GRANT cyclist_analyst TO wilson;
- Remove a role
DROP ROLE myRole;
- List Roles
LIST ROLES;
- List Roles of a user
LIST ROLES OF myUser;
- List Permissions
LIST ALL PERMISSIONS;
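Because roles can be granted to other roles and a keyspace-level grant covers every table in that keyspace, what a user can actually do is the union over all inherited roles and all parent resources. The model below is an added example, not part of the original wiki page. It is built from the GRANT statements above and assumes that ALL PERMISSIONS on a keyspace expands to the six data permissions listed in the code; the function names are hypothetical.

```python
# Constructed from the GRANT statements on this page; resources use
# Cassandra's path form ("data" = all keyspaces, "data/cycling" = one keyspace).
DATA_ALL = frozenset({"CREATE", "ALTER", "DROP", "SELECT", "MODIFY", "AUTHORIZE"})
MEMBER_OF = {  # grantee -> roles granted to it (GRANT role TO grantee)
    "martin": ["keyspace_admin"],
    "sandy": ["cycling_admin", "team_manager"],
    "wilson": ["cyclist_analyst"],
}
GRANTS = {  # role -> {resource: permissions}
    "keyspace_admin": {"data": DATA_ALL},
    "cycling_admin": {"data/cycling": DATA_ALL},
    "team_manager": {"data/cycling": {"MODIFY"}},
    "cyclist_analyst": {"data/cycling": {"SELECT"},
                        "functions/cycling": {"EXECUTE"}},
}

def roles_of(name, seen=None):
    """`name` plus every role it inherits, following nested grants."""
    seen = set() if seen is None else seen
    if name not in seen:
        seen.add(name)
        for parent in MEMBER_OF.get(name, []):
            roles_of(parent, seen)
    return seen

def perms_via(roles, resource):
    """Permissions the given roles hold on `resource` or any ancestor of it."""
    parts = resource.split("/")
    chain = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    perms = set()
    for role in roles:
        for res in chain:
            perms |= GRANTS.get(role, {}).get(res, set())
    return perms

def effective(name, resource):
    """Everything `name` may do on `resource` after inheritance is applied."""
    return perms_via(roles_of(name), resource)

def redundant_roles(name, resource):
    """Direct roles that add nothing on `resource` beyond the user's other roles."""
    direct = MEMBER_OF.get(name, [])
    out = []
    for role in direct:
        others = set().union(*[roles_of(r) for r in direct if r != role])
        mine = perms_via(roles_of(role), resource)
        if mine and mine <= perms_via(others, resource):
            out.append(role)
    return out
```

With the page's grants, `redundant_roles("sandy", "data/cycling")` reports `team_manager`: sandy also holds `cycling_admin`, so the MODIFY-only role does not restrict that account.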