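Cassandra User Management
Cassandra uses roles in place of users and user groups. A role created with default options has neither login nor superuser privileges,
but a user created with default options does have login permission.
(1) Roles
# Create roles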
cassandra@cqlsh:keyspace1> create role cdhu1;
cassandra@cqlsh:keyspace1> create role cdhu2 with password='147258' and login=true;
cassandra@cqlsh:keyspace1> create role cdhu3 with password='147258' and login=true and superuser=true;
# List roles
cassandra@cqlsh:keyspace1> list roles;
role | super | login | options
-----------+-------+-------+---------
cassandra | True | True | {}
cdhu1 | False | False | {}
cdhu2 | False | True | {}
cdhu3 | True | True | {}
cassandra@cqlsh:keyspace1> list roles of cdhu3;
role | super | login | options
-------+-------+-------+---------
cdhu3 | True | True | {}
# Alter the attributes of role cdhu3
cassandra@cqlsh:keyspace1> ALTER ROLE cdhu3 WITH PASSWORD = '147258' AND SUPERUSER = false;
# Grant the permissions of role cdhu3 to role cdhu2 (and revoke them again):
cassandra@cqlsh:keyspace1> grant cdhu3 to cdhu2;
cassandra@cqlsh:keyspace1> revoke cdhu3 from cdhu2;
(2) Users
cassandra@cqlsh:keyspace1> create user user1 with password '147258' superuser;
cassandra@cqlsh:keyspace1> create user user2 with password '147258' nosuperuser;
cassandra@cqlsh:keyspace1> list users;
name | super
-----------+-------
cassandra | True
user1 | True
user2 | False
(3) Permissions
CREATE
ALTER
DROP
SELECT
MODIFY
AUTHORIZE
DESCRIBE
EXECUTE
# grant & revoke
cassandra@cqlsh:keyspace1> grant select on keyspace1.t1 to cdhu2;
cassandra@cqlsh:keyspace1> grant modify on keyspace keyspace1 to cdhu2;
cassandra@cqlsh:keyspace1> revoke select on keyspace1.t1 from cdhu2;
# List the permissions of a role or user
cassandra@cqlsh:keyspace1> list all permissions;
cassandra@cqlsh:keyspace1> list all permissions of cdhu2;
role | username | resource | permission
-------+----------+----------------------+------------
cdhu2 | cdhu2 |                      | SELECT
cdhu2 | cdhu2 |                      | SELECT
cassandra@cqlsh:keyspace1> list all permissions on keyspace1.t1 of cdhu2;
role | username | resource | permission
-------+----------+----------------------+------------
cdhu2 | cdhu2 |
cdhu2 | cdhu2 |
(4) Login settings
# Edit the configuration file
$ vim /usr/local/cassandra/conf/cassandra.yaml
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
# After a restart the database automatically creates the system_auth keyspace with three tables: credentials, users, permissions
# Stop the Cassandra service
[tnuser@sht-sgmhadoopdn-02 bin]$ nodetool stopdaemon
Cassandra has shutdown.
error: Connection refused (Connection refused)
-- StackTrace --
[tnuser@sht-sgmhadoopdn-02 bin]$ cassandra
# Connecting again without a username and password now fails:
[tnuser@sht-sgmhadoopdn-02 bin]$ cqlsh
Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Remote end requires authentication.',)})
# Log in with Cassandra's default username and password, cassandra/cassandra:
[tnuser@sht-sgmhadoopdn-02 bin]$ cqlsh -ucassandra -pcassandra
Connected to mycluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 2.1.18 | CQL spec 3.2.1 | Native protocol v3]
Use HELP for help.
# Change the password
cassandra@cqlsh> alter user cassandra with password '147258';
cassandra@cqlsh> quit
cassandra@cqlsh:system_auth> desc tables;
credentials users permissions
cassandra@cqlsh:system_auth> select * from credentials;
username | options | salted_hash
-----------+---------+--------------------------------------------------------------
cassandra | null | $2a$10$SqGQtA8PLhBwoWLBBDQgN.oAiQGD3MrnU0Jeln7QZRJj8g1jIJ3n6
cassandra@cqlsh:system_auth> select * from users ;
name | super
-----------+-------
cassandra | True
# Configure cqlsh to log in to Cassandra without typing a password:
[tnuser@sht-sgmhadoopdn-02 ~]$ vim ~/.cassandra/cqlshrc
[authentication]
username = cassandra
password = 147258
cassandra@cqlsh> list users;
name | super
-----------+-------
cassandra | True
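A least-privilege variant of the role, grant and login steps above, added here as an example and not part of the original post: it replaces the default cassandra/cassandra superuser and gives an application account read access to a single table. The role names ops_admin, t1_reader and app_user and all passwords are placeholders, and the statements use the role syntax from section (1).

```cql
-- Added example; role names and passwords are placeholders, not values from the post.
-- Prerequisite: authenticator and authorizer set as in section (4), node restarted.

-- Step 1: connected as the default superuser (cqlsh -ucassandra -pcassandra),
-- create a dedicated superuser with a long, unique password.
CREATE ROLE ops_admin WITH PASSWORD = '<long-random-password>'
  AND LOGIN = true AND SUPERUSER = true;

-- Step 2: reconnect as ops_admin. A role cannot change its own superuser
-- status, so the default account has to be demoted from another superuser.
ALTER ROLE cassandra WITH PASSWORD = '<another-long-random-password>'
  AND SUPERUSER = false AND LOGIN = false;

-- Step 3: a permission-only role. CREATE ROLE without options yields
-- login = false and superuser = false, so nobody can authenticate as it.
CREATE ROLE t1_reader;
GRANT SELECT ON keyspace1.t1 TO t1_reader;

-- Step 4: the application's login role carries no grants of its own;
-- it inherits SELECT on keyspace1.t1 through t1_reader.
CREATE ROLE app_user WITH PASSWORD = '<app-password>' AND LOGIN = true;
GRANT t1_reader TO app_user;

-- Step 5: review the result. Only ops_admin should remain a superuser,
-- and app_user should hold nothing beyond what t1_reader grants.
LIST ROLES;
LIST ROLES OF app_user;
LIST ALL PERMISSIONS OF app_user;
```

Because ~/.cassandra/cqlshrc stores the password in plain text, restrict the file to its owner (chmod 600 ~/.cassandra/cqlshrc) and avoid putting a superuser's credentials in it.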