In this tutorial we learn how to manage user in database cassandra. Setting the cassandra database using username and password authentication. Learn how to login using default username and password cassandra, create user with or without password, create user superuser and nosuperuser, modifying user and dropping user.
Create user
Syntax for create user
CREATE USER IF NOT EXISTS user_name WITH PASSWORD 'password' NOSUPERUSER | SUPERUSER
Before we create user, check the authenticator file cassandra.yaml
, must using PasswordAuthenticator.
authenticator: PasswordAuthenticator
if not change it and restart cassandra.
for creating user in cassandra we must login as superuser
Create user for the first time in cassandra we must login using default superuser.
root@e465eeadc356:/# cqlsh -u cassandra -p cassandra
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
cassandra@cqlsh>
Syntax for creating user in cqlsh
CREATE USER nonadmin;
CREATE USER nonadmin1 WITH PASSWORD 'nonadmin1';
CREATE USER nonadmin2 WITH PASSWORD 'nonadmin2' NOSUPERUSER;
CREATE USER admin WITH PASSWORD 'admin' SUPERUSER;
cassandra@cqlsh> create user testuser;
cassandra@cqlsh> CREATE USER nonadmin1 with password 'nonadmin1';
cassandra@cqlsh> CREATE USER nonadmin2 with password 'nonadmin2' NOSUPERUSER;
cassandra@cqlsh> CREATE USER admin with password 'admin' SUPERUSER;
cassandra@cqlsh> CREATE USER ADMIN with password 'admintest';
cassandra@cqlsh> CREATE USER admin with password 'admintest';
InvalidRequest: Error from server: code=2200 [Invalid query] message="admin already exists"
cassandra@cqlsh> list users;
name | super
-----------+-------
ADMIN | False
admin | True
cassandra | True
nonadmin1 | False
nonadmin2 | False
testuser | False
In this course we learn
1. User cassandra Case Sensitif ( user “ADMIN” not same with user “admin”)
2. Default user is not superuser
trying login to cassandra using user
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
nonadmin1@cqlsh>
Alter User
Superusers can change a user’s password or superuser status. To prevent disabling all superusers, superusers cannot change their own superuser status. Ordinary users can change only their own password. Enclose the user name in single quotation marks if it contains non-alphanumeric characters. Enclose the password in single quotation marks.
Syntax
ALTER USER username
WITH PASSWORD 'password' NOSUPERUSER | SUPERUSER
example
ALTER USER nonadmin1 WITH PASSWORD 'nonadmin123' SUPERUSER;
root@e465eeadc356:/# cqlsh -u cassandra -p cassandra
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
cassandra@cqlsh> ALTER USER nonadmin1 WITH PASSWORD 'nonadmin123' SUPERUSER;
cassandra@cqlsh> list users;
name | super
-----------+-------
ADMIN | False
admin | True
cassandra | True
nonadmin1 | True
nonadmin2 | False
testuser | False
(6 rows)
cassandra@cqlsh> exit
root@e465eeadc356:/# cqlsh -u nonadmin1 -p nonadmin123
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
nonadmin1@cqlsh>
user database nonadmin1 become “SUPERUSER” and changed the password.
notes
switch username without logout
LOGIN username [optional password]
example
login admin
when user admin not using password the shell with come out,if using password
Password: ******
nonadmin1@cqlsh> login admin
Password:
admin@cqlsh>
DROP user
DROP USER removes an existing user. In Apache Cassandra™ 2.0.9 and later, you can test that the user exists. Attempting to drop a user that does not exist results in an invalid query condition unless the IF EXISTS option is used. If the option is used, the statement will be a no-op if the user does not exist. You have to be logged in as a superuser to issue a DROP USER statement. Users cannot drop themselves.
Enclose the user name in single quotation marks only if it contains non-alphanumeric characters.
Syntax
DROP USER IF EXISTS username
example
admin@cqlsh> login cassandra
Password:
cassandra@cqlsh> drop user if exists nonadmin1;
cassandra@cqlsh> drop user if exists nonadmin1;
cassandra@cqlsh> list users;
name | super
-----------+-------
ADMIN | False
admin | True
cassandra | True
nonadmin2 | False
testuser | False
(5 rows)
cassandra@cqlsh>