溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
Cassandra用role代替用戶和用戶組,默認創建的role沒有login和super權限;
但是默認創建的user是有login的權限
(1)角色
#創建角色
cassandra@cqlsh:keyspace1> create role cdhu1;
cassandra@cqlsh:keyspace1> create role cdhu2 with password='147258' and login=true;
cassandra@cqlsh:keyspace1> create role cdhu3 with password='147258' and login=true and superuser=true;
#查看角色
cassandra@cqlsh:keyspace1> list roles;
role | super | login | options
-----------+-------+-------+---------
cassandra | True | True | {}
cdhu1 | False | False | {}
cdhu2 | False | True | {}
cdhu3 | True | True | {}
cassandra@cqlsh:keyspace1> list roles of cdhu3;
role | super | login | options
-------+-------+-------+---------
cdhu3 | True | True | {}
#修改角色cdhu3的屬性
cassandra@cqlsh:keyspace1> ALTER ROLE cdhu3 WITH PASSWORD = '147258' AND SUPERUSER = false;
#把角色cdhu3的權限賦予傳遞給角色cdhu2:
cassandra@cqlsh:keyspace1> grant cdhu3 to cdhu2;
cassandra@cqlsh:keyspace1> revoke cdhu3 from cdhu2;
(2)用戶
cassandra@cqlsh:keyspace1> create user user1 with password '147258' superuser;
cassandra@cqlsh:keyspace1> create user user2 with password '147258' nosuperuser;
cassandra@cqlsh:keyspace1> list users;
name | super
-----------+-------
cassandra | True
user1 | True
user2 | False
(3)權限
CREATE
ALTER
DROP
SELECT
MODIFY
AUTHORIZE
DESCRIBE
EXECUTE
#grant&revoke
cassandra@cqlsh:keyspace1> grant select on keyspace1.t1 to cdhu2;
cassandra@cqlsh:keyspace1> grant modify on keyspace keyspace1 to cdhu2;
cassandra@cqlsh:keyspace1> revoke select on kyepsace1.t1 from cdhu2
#查看角色或用戶的權限
cassandra@cqlsh:keyspace1> list all permissions;
cassandra@cqlsh:keyspace1> list all permissions of cdhu2;
role | username | resource | permission
-------+----------+----------------------+------------
cdhu2 | cdhu2 | <keyspace keyspace1> | MODIFY
cdhu2 | cdhu2 | <table keyspace1.t1> | SELECT
cassandra@cqlsh:keyspace1> list all permissions on keyspace1.t1 of cdhu2;
role | username | resource | permission
-------+----------+----------------------+------------
cdhu2 | cdhu2 | <keyspace keyspace1> | MODIFY
cdhu2 | cdhu2 | <table keyspace1.t1> | SELECT
(4)登錄設置
#修改配置文件
$ vim /usr/local/cassandra/conf /cassandra.yaml
authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
#重啟數據庫會自動創建system_auto,并且生成三個表credentials,users,permissions
#停止cassandra服務
[tnuser@sht-sgmhadoopdn-02 bin]$ nodetool stopdaemon
Cassandra has shutdown.
error: Connection refused (Connection refused)
-- StackTrace --
[tnuser@sht-sgmhadoopdn-02 bin]$cassandra
#再次訪問,沒有用戶和密碼會報錯:
[tnuser@sht-sgmhadoopdn-02 bin]$ cqlsh
Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Remote end requires authentication.',)})
#使用cassandra默認的用戶名和密碼cassandra/cassandra:
[tnuser@sht-sgmhadoopdn-02 bin]$ cqlsh -ucassandra -pcassandra
Connected to mycluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 2.1.18 | CQL spec 3.2.1 | Native protocol v3]
Use HELP for help.
#修改密碼
cassandra@cqlsh> alter user cassandra with password '147258';
cassandra@cqlsh> quit
cassandra@cqlsh:system_auth> desc tables;
credentials users permissions
cassandra@cqlsh:system_auth> select * from credentials;
username | options | salted_hash
-----------+---------+--------------------------------------------------------------
cassandra | null | $2a$10$SqGQtA8PLhBwoWLBBDQgN.oAiQGD3MrnU0Jeln7QZRJj8g1jIJ3n6
cassandra@cqlsh:system_auth> select * from users ;
name | super
-----------+-------
cassandra | True
#配置無密碼登錄Cassandra:
[tnuser@sht-sgmhadoopdn-02 ~]$ vim ~/.cassandra/sqlshrc
[authentication]
username = cassandra
password = 147258
cassandra@cqlsh> list users;
name | super
-----------+-------
cassandra | True
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
