cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaki, Srinivas" ...@eightnoteight.space>
Subject Re: What is the safest way to enable authorization?
Date Thu, 09 May 2019 06:36:47 GMT
Hi,

before changing the configuration from `AllowAllAuthorizer` to
`CassandraAuthorizer`, you need to grant enough permissions to the user
that allow all the accessed tables by that user. I think that should fix
the problem.

Thanks

On Thu, May 9, 2019 at 12:02 PM Laxmikant Upadhyay <laxmikant.hcl@gmail.com>
wrote:

> Let's say I have a 3 node cluster on 3.11.4  on which authentication is
> enabled but authorization is disabled. It has one non-super login user
> 'user1' and default super user 'cassandra'
> In cassandra.yaml
> authenticator: PasswordAuthenticator
> authorizer: AllowAllAuthorizer
>
> So to enable authorization we change the cassandra.yaml of a node 'node1'
> from
> authorizer: AllowAllAuthorizer
> TO
> authorizer: CassandraAuthorizer
>
> You client application db operations on the node1 starts failing as soon
> as the cassandra restarts on that  nodewith below error until you run GRANT
> operation for user1 after connecting with cassandra user:
> UnauthorizedException: User user1 has no SELECT permission on <table
> testtable>
>
> Is there a way to avoid this error at all  in the above situation?
>
> --
>
> regards,
> Laxmikant Upadhyay
>
>

Mime
View raw message