With authentication set up, additionally enabling user authorization allows each user to be assigned specific permissions to different Cassandra objects. In Apache Cassandra versions 2.2 and up, users are referred to as roles. With authorization enabled, roles can be assigned the following permissions via CQL:
- ALTER: Change table or keyspace definitions
- AUTHORIZE: Grant or revoke specific permissions to other users
- CREATE:: Create new tables or keyspaces
- DESCRIBE: Retrieve definitions of a table or keyspace
- DROP: Delete specific tables or keyspaces
- EXECUTE: Run functions in a specific keyspace
- MODIFY: Run DELETE, INSERT, UPDATE, or TRUNCATE commands on a specific table
- SELECT: Query a specific table
- ALL PERMISSIONS: No restricted ...