Functions and aggregate resources
Syntax for authorizing access to user-defined functions and aggregates.
cassandra.yaml
The location of the cassandra.yaml file depends on the type of installation:
Package installations | /etc/dse/cassandra/cassandra.yaml |
Tarball installations | installation_location/resources/cassandra/conf/cassandra.yaml |
The function syntax applies to user-defined functions and aggregates. Although user-defined
functions and aggregates are located in a keyspace, function permissions are distinct and
must be applied separately. Access is controlled using a modelled hierarchy. Granting
or revoking a privilege on a top-level object automatically grants or revokes the same
permission on all ancestors.
Restriction: User defined functions are only available in environments that have
set to true in the
cassandra.yaml file.
Functions have the following hierarchy.
Synopsis
Use the following syntax to control access to functions:
- ALL FUNCTIONS
  syntax:
  GRANT privilege_list ON ALL FUNCTIONS TO role_name;
  where the privileges are ALL PERMISSIONS, ALTER, CREATE, DROP, and EXECUTE
- ALL FUNCTIONS IN KEYSPACE
  syntax:
  GRANT privilege_list ON ALL FUNCTIONS IN KEYSPACE keyspace_name TO role_name;
  where the privileges are ALL PERMISSIONS, ALTER, CREATE, DROP, and EXECUTE
- FUNCTION
  syntax:
  GRANT privilege_list ON FUNCTION function_name ( argument_types ) TO role_name;
  where the function name is fully qualified and the privileges are ALL PERMISSIONS, ALTER, DROP, and EXECUTE
Revoke permission
syntax:
REVOKE permission_list
ON resource
FROM role_name;
Permission matrix
When a permission is granted to a role, users are able to perform the corresponding
operations.
privilege_name | resource_name | Permissions |
---|---|---|
ALL PERMISSIONS | ALL FUNCTIONS | All operations (ALTER, CREATE, DROP, and EXECUTE permissions) on all functions in all keyspaces. |
ALL PERMISSIONS | ALL FUNCTIONS IN KEYSPACE | All operations (ALTER, CREATE, DROP, and EXECUTE) on all functions in the selected keyspace. |
ALL PERMISSIONS | FUNCTION | All operations (ALTER, DROP, and EXECUTE) on the selected function. |
ALTER | ALL FUNCTIONS | CREATE OR REPLACE FUNCTION and CREATE OR REPLACE AGGREGATE on existing functions in all keyspaces. |
ALTER | ALL FUNCTIONS IN KEYSPACE keyspace_name | CREATE OR REPLACE FUNCTION and CREATE OR REPLACE AGGREGATE on existing functions in a specific keyspace. |
ALTER | FUNCTION function_name | CREATE OR REPLACE FUNCTION and CREATE OR REPLACE AGGREGATE on an existing function. |
CREATE | ALL FUNCTIONS | and in all keyspaces. |
CREATE | ALL FUNCTIONS IN KEYSPACE keyspace_name | and in specified keyspace. |
DROP | ALL FUNCTIONS | and in all keyspaces. |
DROP | ALL FUNCTIONS IN KEYSPACE keyspace_name | and in specified keyspace. |
DROP | FUNCTION function_name | or specified function. |
EXECUTE | ALL FUNCTIONS | Use a function or aggregate in SELECT, INSERT, and UPDATE in all keyspaces. Create an aggregate that contains a function. |
EXECUTE | ALL FUNCTIONS IN KEYSPACE keyspace_name | Use a function or aggregate in SELECT, INSERT, and UPDATE in a keyspace. Create an aggregate that contains a function in the keyspace. |
EXECUTE | FUNCTION function_name | SELECT, INSERT and UPDATE using specified function and use of the function in CREATE AGGREGATE. |
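
The following added example (not part of the original documentation) applies the syntax and permission matrix above to a least-privilege setup with two roles. The keyspace `cycling`, the table, the function names and signatures, and the role names are all hypothetical, and the functions are assumed to exist already.

```cql
-- Constructed example: every keyspace, table, function and role name here is hypothetical.
-- Assumes cycling.flog(double) and cycling.sum_state(bigint, int) already exist.

CREATE ROLE IF NOT EXISTS udf_reader WITH LOGIN = false;
CREATE ROLE IF NOT EXISTS udf_developer WITH LOGIN = false;

-- Overly broad form, shown only for contrast: this one grant covers ALTER, CREATE,
-- DROP and EXECUTE on every function in every keyspace.
-- GRANT ALL PERMISSIONS ON ALL FUNCTIONS TO udf_developer;

-- Reader: may call exactly one function. The name is fully qualified and the
-- argument types are part of the resource, so an overload with other types is not covered.
GRANT EXECUTE ON FUNCTION cycling.flog(double) TO udf_reader;

-- Function permissions are separate from data permissions, so the reader still
-- needs its own grant on the table it queries.
GRANT SELECT ON TABLE cycling.cyclist_points TO udf_reader;

-- Developer: may create functions and aggregates, but only in one keyspace.
GRANT CREATE ON ALL FUNCTIONS IN KEYSPACE cycling TO udf_developer;

-- Creating an aggregate that contains a function requires EXECUTE on that function.
GRANT EXECUTE ON FUNCTION cycling.sum_state(bigint, int) TO udf_developer;

-- Replacing an existing function (CREATE OR REPLACE FUNCTION) requires ALTER.
-- Scope it to the single function rather than to the keyspace.
GRANT ALTER ON FUNCTION cycling.flog(double) TO udf_developer;

-- Review what each role ended up with.
LIST ALL PERMISSIONS OF udf_reader;
LIST ALL PERMISSIONS OF udf_developer;

-- Withdraw the ALTER grant once the function change has been deployed.
REVOKE ALTER ON FUNCTION cycling.flog(double) FROM udf_developer;
```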