Cassandra用户和权限控制的使用.docx

Cassandra用户和权限控制的使用一、配置和创建用户1、将cassandra.yaml中的配置项authenticator配置成以下方式（默认是：authenticator:AllowAllAuthenticator）authenticator:?PasswordAuthenticator2、cqlsh?-u?cassandra?-p?cassandra?10.9.62.153?9042说明：可以从cassandra.yaml看到默认的超级用户和密码是server_encryption_options:?internode_encryption:?none?keystore:?conf/.keystore?keystore_password:?cassandra?truststore:?conf/.truststore?truststore_password:?cassandra?#?More?advanced?defaults?below:?#?protocol:?TLS?#?algorithm:?SunX509?#?store_type:?JKS?#?cipher_suites:?[TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]?#?require_client_auth:?false3、登录之后创建新的用户（默认是普通用户）CREATE?USER?xpfan?WITH?PASSWORD?111111;list users;二、用户权限首先，需要配置cassandra.yaml文件，将authorizer配置项改成如下（默认情况是：authorizer:?AllowAllAuthorizer）authorizer:?AllowAllAuthorizer重启后，重新连接，查看权限，发现是没有任何权限的。并且通过用户xpfan链接cassandra数据库服务器后，使用查询时会报没有查询权限的错误，如下：此时，可以通过超级用户去授权xpfan，如下：现在，我们可以查询keyspace1下的表了。1、grantExamplesGive spillman permission to perform SELECT queries on all tables in all keyspaces:GRANT SELECT ON ALL KEYSPACES TO spillman;Give akers permission to perform INSERT, UPDATE, DELETE and TRUNCATE queries on all tables in the field keyspace.GRANT MODIFYON KEYSPACE field TO akers;Give boone permission to perform ALTER KEYSPACE queries on the forty9ers keyspace, and also ALTER TABLE, CREATE INDEX and DROP INDEX queries on all tables in forty9ers keyspace:GRANT ALTER ON KEYSPACE forty9ers TO boone;Give boone permission to run all types of queries on ravens.plays table.GRANT ALL PERMISSIONSON ravens.plays TO boone;To grant access to a keyspace to just one user, assuming nobody else has ALL KEYSPACES access, you use this statement.GRANT ALL ON KEYSPACE keyspace_name TO user_nameGRANT ALL ON KEYSPACE keyspace1 TO xpfan;2、list permissionsExampleAssuming you completed the examples in Examples, list all permissions given to akers:LIST ALL PERMISSIONS