Shulou(Shulou.com)06/01 Report--

Cassandra replaces users and user groups with role. The role created by default does not have login and super permissions.

But the user created by default has the permission of login

(1) role

# create roles

Cassandra@cqlsh:keyspace1 > create role cdhu1

Cassandra@cqlsh:keyspace1 > create role cdhu2 with password='147258' and login=true

Cassandra@cqlsh:keyspace1 > create role cdhu3 with password='147258' and login=true and superuser=true

# View roles

Cassandra@cqlsh:keyspace1 > list roles

Role | super | login | options

-+-

Cassandra | True | True | {}

Cdhu1 | False | False | {}

Cdhu2 | False | True | {}

Cdhu3 | True | True | {}

Cassandra@cqlsh:keyspace1 > list roles of cdhu3

Role | super | login | options

-+-

Cdhu3 | True | True | {}

# modify the attributes of the role cdhu3

Cassandra@cqlsh:keyspace1 > ALTER ROLE cdhu3 WITH PASSWORD = '147258' AND SUPERUSER = false

# pass the permission of role cdhu3 to role cdhu2:

Cassandra@cqlsh:keyspace1 > grant cdhu3 to cdhu2

Cassandra@cqlsh:keyspace1 > revoke cdhu3 from cdhu2

(2) users

Cassandra@cqlsh:keyspace1 > create user user1 with password '147258' superuser

Cassandra@cqlsh:keyspace1 > create user user2 with password '147258' nosuperuser

Cassandra@cqlsh:keyspace1 > list users

Name | super

-+-

Cassandra | True

User1 | True

User2 | False

(3) permissions

CREATE

ALTER

DROP

SELECT

MODIFY

AUTHORIZE

DESCRIBE

EXECUTE

# grant&revoke

Cassandra@cqlsh:keyspace1 > grant select on keyspace1.t1 to cdhu2

Cassandra@cqlsh:keyspace1 > grant modify on keyspace keyspace1 to cdhu2

Cassandra@cqlsh:keyspace1 > revoke select on kyepsace1.t1 from cdhu2

# View the permissions of a role or user

Cassandra@cqlsh:keyspace1 > list all permissions

Cassandra@cqlsh:keyspace1 > list all permissions of cdhu2

Role | username | resource | permission

-+-

Cdhu2 | cdhu2 | | MODIFY

Cdhu2 | cdhu2 | | SELECT

Cassandra@cqlsh:keyspace1 > list all permissions on keyspace1.t1 of cdhu2

Role | username | resource | permission

-+-

Cdhu2 | cdhu2 | | MODIFY

Cdhu2 | cdhu2 | | SELECT

(4) Login settings

# modify configuration file

$vim / usr/local/cassandra/conf / cassandra.yaml

Authenticator: PasswordAuthenticator

Authorizer: CassandraAuthorizer

# restart the database will automatically create system_auto and generate three tables credentials,users,permissions

# stop cassandra service

[tnuser@sht-sgmhadoopdn-02 bin] $nodetool stopdaemon

Cassandra has shutdown.

Error: Connection refused (Connection refused)

-- StackTrace--

[tnuser@sht-sgmhadoopdn-02 bin] $cassandra

# if you visit again, no user and password will report an error:

[tnuser@sht-sgmhadoopdn-02 bin] $cqlsh

Connection error: ('Unable to connect to any servers', {' 127.0.0.1: AuthenticationFailed ('Remote end requires authentication.',)})

# use cassandra default username and password cassandra/cassandra:

[tnuser@sht-sgmhadoopdn-02 bin] $cqlsh-ucassandra-pcassandra

Connected to mycluster at 127.0.0.1:9042.

[cqlsh 5.0.1 | Cassandra 2.1.18 | CQL spec 3.2.1 | Native protocol v3]

Use HELP for help.

# change password

Cassandra@cqlsh > alter user cassandra with password '147258'

Cassandra@cqlsh > quit

Cassandra@cqlsh:system_auth > desc tables

Credentials users permissions

Cassandra@cqlsh:system_auth > select * from credentials

Username | options | salted_hash

-+-

Cassandra | null | $2a$10 $SqGQtA8PLhBwoWLBBDQgN.oAiQGD3MrnU0Jeln7QZRJj8g1jIJ3n6

Cassandra@cqlsh:system_auth > select * from users

Name | super

-+-

Cassandra | True

# configure password-less login Cassandra:

[tnuser@sht-sgmhadoopdn-02] $vim ~ / .cassandra/sqlshrc

[authentication]

Username = cassandra

Password = 147258

Cassandra@cqlsh > list users

Name | super

-+-

Cassandra | True

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.