Friday, February 1, 2013

Cassandra Authentication and Authorization

Cassandra Authentication and authorization

By default, authentication is not enabled in Cassandra and anybody can access Cassandra.

Cassandra has a simple authentication & authorization mechanism by extending the below java interfaces.

In the source distribution(not in binary distribution) IAuthenticator and IAuthority interfaces are implemented in the SimpleAuthenticator project and it can be easily configurable with Cassandra. 

If you want to have your own authentication and authorization implementation you’re freely allowed to do it by extending the below interfaces.

The below steps are used to enable authentication in Cassandra.

1)       Configure cassandra.yaml
2)       Configure
3)       Configure and
4)       Cassandra.bat file in bin directory.

Step 1: Configure Cassandra.yaml :
            Find org.apache.cassandra.auth.AllowAllAuthenticator and it should be replaced with

Find org.apache.cassandra.auth.AllowAllAuthorizer and it should be replaced with org.apache.cassandra.auth.SimpleAuthorizer
Step 2: Configure
            Configure the required user names,keyspace names, column family names with their                              permission level.           
            You can configure the authorization upto column family level in Cassandra.
            Configure keyspace permissions:
            murali.<rw>=admin,Cassandra # <rw> means read and write.
            Murali.<ro>=user1 #<ro> mean read only permission.
            By default all the users will have read permission for all the keyspaces. 

            Configure column family permissions:

Step 3: Configure 
            Add the required user and password in this file.
cassandra = cassandra 

Step 4: Modifying JAVA_OPTS in Cassandra.bat file.
            Add the below lines to the JAVA_OPTS.

No comments:

Post a Comment