Bringing together the Apache Cassandra experts from the community and DataStax.
Want to learn? Have a question? Want to share your expertise? You are in the right place!
Not sure where to begin? Getting Started
Hi Team,
Say we want to disable the export of data from Cassandra database, is there any way that we can disable the export of data?
Like, if I hit the below command, it should not allow me to export the data.
copy user to '/tmp/users.csv' with header=true ;
Cheers,
Deepak
Hi @hellodk
COPY is a CQL shell command, which translates to individual select/insert statements, depending on the direction of copy.
I am not aware of a way to restrict certain cqlsh commands.
At database level, you could revoke the permission to select from the user keyspace/table to avoid unauthorised access by certain roles. This will then revoke the permission to read from the keyspace/table, and the export via COPY will be unsuccessful. However, those users will not be able run any other selects against this particular keyspace or table either.
See here for how to create roles:
https://docs.datastax.com/en/cql-oss/3.x/cql/cql_reference/cqlCreateRole.html
And here for the REVOKE command:
https://docs.datastax.com/en/cql-oss/3.x/cql/cql_reference/cqlRevoke.html
Here is an example of a COPY attempt with a role without SELECT permissions:
non_superuser@cqlsh> copy user.test to 'users.csv'; Using 1 child processes Starting copy of user.test with columns [id, data]. Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 1 of 5) Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 2 of 5) Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 3 of 5) Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (will try again later attempt 4 of 5) Error for (None, None): Unauthorized - Error from server: code=2100 [Unauthorized] message="User non_superuser has no SELECT permission on <table user.test> or any of its parents" (permanently given up after 0 rows and 5 attempts) Exported 0 ranges out of 1 total ranges, some records might be missing Processed: 0 rows; Rate: 0 rows/s; Avg. rate: 0 rows/s 0 rows exported to 1 files in 0.325 seconds.
I hope this helps!
7 People are following this question.
