PLANNED MAINTENANCE

Hello, DataStax Community!

We want to make you aware of a few operational updates which will be carried out on the site. We are working hard to streamline the login process to integrate with other DataStax resources. As such, you will soon be prompted to update your password. Please note that your username will remain the same.

As we work to improve your user experience, please be aware that login to the DataStax Community will be unavailable for a few hours on:

  • Wednesday, July 15 16:00 PDT | 19:00 EDT | 20:00 BRT
  • Thursday, July 16 00:00 BST | 01:00 CEST | 04:30 IST | 07:00 CST | 09:00 AEST

For more info, check out the FAQ page. Thank you for being a valued member of our community.


question

ranjeet_ranjee avatar image
ranjeet_ranjee asked ·

Why am I getting an Unauthorized exception when logged in as a superuser?

[FOLLOW UP QUESTION TO #5195]

Hete Eric I am getting error on another node

root@cassandra-8 ~]# cqlsh 10.130.85.25 -u cassandra -p password Connected to tracking-1 at 10.130.85.25:9042. [cqlsh 5.0.1 | Cassandra 3.11.1.2261 | DSE 5.1.8 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. cassandra@cqlsh> LIST ROLES; Unauthorized: Error from server: code=2100 [Unauthorized] message="You have to be logged in and not anonymous to perform this request" cassandra@cqlsh> exit

When I try with new superuser same error

[root@cassandra-8 ~]# cqlsh 10.130.85.25 -u adsizz -p password Connected to tracking-1 at 10.130.85.25:9042. [cqlsh 5.0.1 | Cassandra 3.11.1.2261 | DSE 5.1.8 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. adsizz@cqlsh> LIST ROLES; Unauthorized: Error from server: code=2100 [Unauthorized] message="You have to be logged in and not anonymous to perform this request"

cassandrasecurity
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered ·

CQL commands such as LIST ROLES require special permissions or privileges. As the error suggests, you session isn't authenticated so it isn't allowing you to run the command.

Check that you have authentication enabled on node 10.130.85.25. If you don't have authenticator delegated to DSE with:

authenticator: com.datastax.bdp.cassandra.auth.DseAuthenticator

and don't have authentication enabled in dse.yaml:

authentication_options:
    enabled: false

then even when you specify a username and password on the command line, you won't get authenticated. Cheers!

4 comments Share
10 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

If I have made the changes as per your instruction but still facing same error

Unauthorized: Error from server: code=2100 [Unauthorized] message="You have to be logged in and not anonymous to perform this request"

Cassandra.yml

authorizer: com.datastax.bdp.cassandra.auth.DseAuthorizer

dse.yml

##########################
# Authorization options

#   allow_row_level_security - In order for row level security to be used, this must be set to allow it
#                              for the entire system. true or false
authorization_options:
    enabled: false
#     transitional_mode: disabled
#     allow_row_level_security: false


0 Likes 0 · ·

Sorry, I wasn't clear in my answer. If you don't have authentication enabled (enabled: false) then it won't work.

You need to make sure authentication is enabled correctly on both nodes for it to work. Follow the instructions in Enabling DSE Unified Authentication. Cheers!

0 Likes 0 · ·
ranjeet_ranjee avatar image ranjeet_ranjee Erick Ramirez ♦♦ ·

Now if I verify keeping another node down I am getting below massage


adsizz@cqlsh> LIST ROLES;
NoHostAvailable: 


0 Likes 0 · ·
Show more comments