Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

hellodk avatar image
hellodk asked bettina.swynnerton edited

Can we disable exporting of table data?

Hi Team,


Say we want to disable the export of data from Cassandra database, is there any way that we can disable the export of data?

Like, if I hit the below command, it should not allow me to export the data.

copy user to '/tmp/users.csv' with header=true ;


Cheers,

Deepak

cassandracopy
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

bettina.swynnerton avatar image
bettina.swynnerton answered bettina.swynnerton edited

Hi @hellodk

COPY is a CQL shell command, which translates to individual select/insert statements, depending on the direction of copy.

I am not aware of a way to restrict certain cqlsh commands.

At database level, you could revoke the permission to select from the user keyspace/table to avoid unauthorised access by certain roles. This will then revoke the permission to read from the keyspace/table, and the export via COPY will be unsuccessful. However, those users will not be able run any other selects against this particular keyspace or table either.


See here for how to create roles:

https://docs.datastax.com/en/cql-oss/3.x/cql/cql_reference/cqlCreateRole.html

And here for the REVOKE command:

https://docs.datastax.com/en/cql-oss/3.x/cql/cql_reference/cqlRevoke.html


Here is an example of a COPY attempt with a role without SELECT permissions:

non_superuser@cqlsh> copy user.test to 'users.csv';
Using 1 child processes

Starting copy of user.test with columns [id, data].
Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 1 of 5)
Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 2 of 5)
Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 3 of 5)
Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 4 of 5)
Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (permanently given up after 0 rows and 5 attempts)
Exported 0 ranges out of 1 total ranges, some records might be missing
Processed: 0 rows; Rate:       0 rows/s; Avg. rate:       0 rows/s
0 rows exported to 1 files in 0.325 seconds.

I hope this helps!

Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.