DataStax Academy FAQ

DataStax Academy migrated to a new learning management system (LMS) in July 2020. We are also moving to a new Cassandra Certification process so there are changes to exam bookings, voucher system and issuing of certificates.

Check out the Academy FAQ pages for answers to your questions:


question

sushanta.saha_41353 avatar image
sushanta.saha_41353 asked ·

How do I create a user and grant all permissions on Graph, Spark & Search?

I have 1 DC with transaction and 1 DC with spark graph search. How do I create a "non superuser" and give all permissions to use spark graph search? Could not find any blog or whitepaper. Please give detail or point me to any resource having this information. Thanks.

security
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

@sushanta.saha_41353 To begin with, you'll need to create a new role with CREATE ROLE in cqlsh.

If you have NOT enabled authorization in dse.yaml with:

authorization_options:
     enabled: true

there is no need to grant permissions to the new role. Otherwise, you will need to follow the instructions below.

Search permissions

For the new role, determine:

  • the Search indexes it should be able to access
  • the CQL commands it should be allowed to execute

Then using the examples in Controlling access to Search indexes, grant the necessary permissions to the new role.

Analytics permissions

For the new role, determine which Spark applications it should be able to access.

Then using the examples in Setting up DSE Spark application permissions, grant the necessary permissions to the new role.

It may also be necessary to authorise the role to run DSE commands including dse spark.

Graph permissions

For the new role, determine which graphs it should be able to manage.

Then using the examples in Controlling access to DataStax Graph keyspaces, grant the necessary permissions to the new role.

For more information on all other permissions, see Managing database access. Cheers!

Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.