In this tutorial we learn how to manage user in database cassandra. Setting the cassandra database using username and password authentication. Learn how to login using default username and password cassandra, create user with or without password, create user superuser and nosuperuser, modifying user and dropping user.
Create user
Syntax for create user
|
1 2 |
CREATE USER IF NOT EXISTS user_name WITH PASSWORD 'password' NOSUPERUSER | SUPERUSER |
Before we create user, check the authenticator file cassandra.yaml, must using PasswordAuthenticator.
|
1 2 |
authenticator: PasswordAuthenticator |
if not change it and restart cassandra.
for creating user in cassandra we must login as superuser
Create user for the first time in cassandra we must login using default superuser.
|
1 2 3 4 5 6 |
root@e465eeadc356:/# cqlsh -u cassandra -p cassandra Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. cassandra@cqlsh> |
Syntax for creating user in cqlsh
|
1 2 3 4 5 |
CREATE USER nonadmin; CREATE USER nonadmin1 WITH PASSWORD 'nonadmin1'; CREATE USER nonadmin2 WITH PASSWORD 'nonadmin2' NOSUPERUSER; CREATE USER admin WITH PASSWORD 'admin' SUPERUSER; |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
cassandra@cqlsh> create user testuser; cassandra@cqlsh> CREATE USER nonadmin1 with password 'nonadmin1'; cassandra@cqlsh> CREATE USER nonadmin2 with password 'nonadmin2' NOSUPERUSER; cassandra@cqlsh> CREATE USER admin with password 'admin' SUPERUSER; cassandra@cqlsh> CREATE USER ADMIN with password 'admintest'; cassandra@cqlsh> CREATE USER admin with password 'admintest'; InvalidRequest: Error from server: code=2200 [Invalid query] message="admin already exists" cassandra@cqlsh> list users; name | super -----------+------- ADMIN | False admin | True cassandra | True nonadmin1 | False nonadmin2 | False testuser | False |
In this course we learn
1. User cassandra Case Sensitif ( user “ADMIN” not same with user “admin”)
2. Default user is not superuser
trying login to cassandra using user
|
1 2 3 4 5 |
Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. nonadmin1@cqlsh> |
Alter User
Superusers can change a user’s password or superuser status. To prevent disabling all superusers, superusers cannot change their own superuser status. Ordinary users can change only their own password. Enclose the user name in single quotation marks if it contains non-alphanumeric characters. Enclose the password in single quotation marks.
Syntax
|
1 2 3 |
ALTER USER username WITH PASSWORD 'password' NOSUPERUSER | SUPERUSER |
example
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
ALTER USER nonadmin1 WITH PASSWORD 'nonadmin123' SUPERUSER; root@e465eeadc356:/# cqlsh -u cassandra -p cassandra Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. cassandra@cqlsh> ALTER USER nonadmin1 WITH PASSWORD 'nonadmin123' SUPERUSER; cassandra@cqlsh> list users; name | super -----------+------- ADMIN | False admin | True cassandra | True nonadmin1 | True nonadmin2 | False testuser | False (6 rows) cassandra@cqlsh> exit root@e465eeadc356:/# cqlsh -u nonadmin1 -p nonadmin123 Connected to Test Cluster at 127.0.0.1:9042. [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4] Use HELP for help. nonadmin1@cqlsh> |
user database nonadmin1 become “SUPERUSER” and changed the password.
notes
switch username without logout
|
1 2 3 4 5 6 7 8 9 |
LOGIN username [optional password] example login admin when user admin not using password the shell with come out,if using password Password: ****** nonadmin1@cqlsh> login admin Password: admin@cqlsh> |
DROP user
DROP USER removes an existing user. In Apache Cassandra™ 2.0.9 and later, you can test that the user exists. Attempting to drop a user that does not exist results in an invalid query condition unless the IF EXISTS option is used. If the option is used, the statement will be a no-op if the user does not exist. You have to be logged in as a superuser to issue a DROP USER statement. Users cannot drop themselves.
Enclose the user name in single quotation marks only if it contains non-alphanumeric characters.
Syntax
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
DROP USER IF EXISTS username example admin@cqlsh> login cassandra Password: cassandra@cqlsh> drop user if exists nonadmin1; cassandra@cqlsh> drop user if exists nonadmin1; cassandra@cqlsh> list users; name | super -----------+------- ADMIN | False admin | True cassandra | True nonadmin2 | False testuser | False (5 rows) cassandra@cqlsh> |
