温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

Cassandra用户管理

发布时间:2020-07-15 10:03:54 来源:网络 阅读:4501 作者:Darren_Chen 栏目:关系型数据库

Cassandra用role代替用户和用户组,默认创建的role没有login和super权限;

但是默认创建的user是有login的权限


(1)角色

#创建角色

cassandra@cqlsh:keyspace1> create role cdhu1;

cassandra@cqlsh:keyspace1> create role cdhu2 with password='147258' and login=true;

cassandra@cqlsh:keyspace1> create role cdhu3 with password='147258' and login=true and superuser=true;


#查看角色

cassandra@cqlsh:keyspace1> list roles;

role      | super | login | options

-----------+-------+-------+---------

cassandra |  True |  True |        {}

     cdhu1 | False | False |        {}

     cdhu2 | False |  True |        {}

     cdhu3 |  True |  True |        {}


cassandra@cqlsh:keyspace1> list roles of cdhu3;

role  | super | login | options

-------+-------+-------+---------

cdhu3 |  True |  True |        {}


#修改角色cdhu3的属性

cassandra@cqlsh:keyspace1> ALTER ROLE cdhu3 WITH PASSWORD = '147258' AND SUPERUSER = false;


#把角色cdhu3的权限赋予传递给角色cdhu2:

cassandra@cqlsh:keyspace1> grant cdhu3 to cdhu2;

cassandra@cqlsh:keyspace1> revoke cdhu3 from cdhu2;



(2)用户

cassandra@cqlsh:keyspace1> create user user1 with password '147258' superuser;

cassandra@cqlsh:keyspace1> create user user2 with password '147258' nosuperuser;

cassandra@cqlsh:keyspace1> list users;

name      | super

-----------+-------

cassandra |  True

     user1 |  True

     user2 | False


(3)权限

CREATE

ALTER

DROP

SELECT

MODIFY

AUTHORIZE

DESCRIBE

EXECUTE


#grant&revoke

cassandra@cqlsh:keyspace1> grant select on keyspace1.t1 to cdhu2;

cassandra@cqlsh:keyspace1> grant modify on keyspace keyspace1 to cdhu2;

cassandra@cqlsh:keyspace1> revoke select on kyepsace1.t1 from cdhu2


#查看角色或用户的权限

cassandra@cqlsh:keyspace1> list all permissions;

cassandra@cqlsh:keyspace1> list all permissions of cdhu2;

role  | username | resource             | permission

-------+----------+----------------------+------------

cdhu2 |    cdhu2 | <keyspace keyspace1> |     MODIFY

cdhu2 |    cdhu2 | <table keyspace1.t1> |     SELECT


cassandra@cqlsh:keyspace1> list all permissions on keyspace1.t1 of cdhu2;

role  | username | resource             | permission

-------+----------+----------------------+------------

cdhu2 |    cdhu2 | <keyspace keyspace1> |     MODIFY

cdhu2 |    cdhu2 | <table keyspace1.t1> |     SELECT




(4)登录设置

#修改配置文件

$ vim /usr/local/cassandra/conf /cassandra.yaml

authenticator: PasswordAuthenticator

authorizer: CassandraAuthorizer


#重启数据库会自动创建system_auto,并且生成三个表credentials,users,permissions

#停止cassandra服务

[tnuser@sht-sgmhadoopdn-02 bin]$ nodetool stopdaemon

Cassandra has shutdown.

error: Connection refused (Connection refused)

-- StackTrace --


[tnuser@sht-sgmhadoopdn-02 bin]$cassandra


#再次访问,没有用户和密码会报错:

[tnuser@sht-sgmhadoopdn-02 bin]$ cqlsh

Connection error: ('Unable to connect to any servers', {'127.0.0.1': AuthenticationFailed('Remote end requires authentication.',)})


#使用cassandra默认的用户名和密码cassandra/cassandra:

[tnuser@sht-sgmhadoopdn-02 bin]$ cqlsh -ucassandra -pcassandra

Connected to mycluster at 127.0.0.1:9042.

[cqlsh 5.0.1 | Cassandra 2.1.18 | CQL spec 3.2.1 | Native protocol v3]

Use HELP for help.


#修改密码

cassandra@cqlsh> alter user cassandra with password '147258';

cassandra@cqlsh> quit


cassandra@cqlsh:system_auth> desc tables;

credentials  users  permissions



cassandra@cqlsh:system_auth> select * from credentials;

username  | options | salted_hash

-----------+---------+--------------------------------------------------------------

cassandra |    null | $2a$10$SqGQtA8PLhBwoWLBBDQgN.oAiQGD3MrnU0Jeln7QZRJj8g1jIJ3n6


cassandra@cqlsh:system_auth> select * from users ;

name      | super

-----------+-------

cassandra |  True



#配置无密码登录Cassandra:

[tnuser@sht-sgmhadoopdn-02 ~]$ vim ~/.cassandra/sqlshrc

[authentication]

username = cassandra

password = 147258


cassandra@cqlsh> list users;

name      | super

-----------+-------

cassandra |  True

向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI