Authorization in action
Now that we know how to create user accounts and grant and revoke permissions to them, let's see how a non-superuser account behaves in practice. To do this, let's open up a new cqlsh session logged in with our data analytics team's account:
$ cqlsh -u data_analytics -p verystrongpassword -k my_status
The -k my_status
option simply tells cqlsh that we want to interact with the my_status
keyspace, saving us the effort of issuing a USE
statement.
Now let's see what we can do. First, we expect to be able to read data with no problem; let's have a look at the user_status_updates
table:
SELECT * FROM user_status_updates;
As expected, we have permission to read the contents of that table:
Now let's try making a change to some data. ...
Get Learning Apache Cassandra now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.