Execute DDL Security Statements in YCQL

In YugabyteDB's YCQL API, DDL security statements are instructions for managing and restricting operations on database objects.

Examples:

  • Create, grant, and revoke users and roles
  • Grant and revoke permissions on database objects

This feature is enabled by setting the YB-TServer configuration flag use_cassandra_authentication to true.

If I try to create a role when the YB-TServer configuration flag use_cassandra_authentication is set to false, I will get an error.

    cassandra@ycqlsh> CREATE ROLE jim WITH PASSWORD='test';
    Unauthorized: Error from server: code=2100 [Unauthorized] message="Unauthorized. You have to be logged in and not anonymous to perform this request
    CREATE ROLE jim WITH PASSWORD='test';
    ^^^^^^
     (ql error -4)"

After I set the YB-TServer configuration flag use_cassandra_authentication to true, I am able to create the role.

    [root@localhost ~]# yugabyted stop
    Stopped yugabyted using config /root/var/conf/yugabyted.conf.

    [root@localhost ~]# yugabyted start --advertise_address 198.xxx.xxx.xxx --tserver_flags="use_cassandra_authentication=True" > start.log

    [root@localhost ~]# ycqlsh 198.xxx.xxx.xxx -u cassandra -p cassandra
    Connected to local cluster at 198.xxx.xxx.xxx:9042.

    [ycqlsh 5.0.1 | Cassandra 3.9-SNAPSHOT | CQL spec 3.4.2 | Native protocol v4]
    Use HELP for help.

    cassandra@ycqlsh> CREATE ROLE jim WITH PASSWORD='test';

Note that in the simple example above, I used yugabyted running on a single node.

Using yugabyted, you can create single-node clusters, and, using the --join flag in the start command, multi-node clusters.
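
With authentication enabled, the other statement types listed at the top (granting and revoking roles and permissions) can be exercised as a small least-privilege setup. This is an added example, not part of the original post; the keyspace app, the table app.orders and the role app_readers are assumed names, and the password on the last line is a placeholder.

```cql
-- Added example; run in ycqlsh as a superuser such as cassandra.
-- Assumed names: keyspace app, table app.orders, role app_readers.

-- Objects to protect (constructed for this example).
CREATE KEYSPACE IF NOT EXISTS app;
CREATE TABLE IF NOT EXISTS app.orders (id INT PRIMARY KEY, item TEXT);

-- A group role: it only carries permissions and cannot log in.
CREATE ROLE IF NOT EXISTS app_readers;

-- Grant permissions on database objects to the group role.
GRANT SELECT ON KEYSPACE app TO app_readers;
GRANT MODIFY ON TABLE app.orders TO app_readers;

-- LOGIN defaults to false, so the jim role created above cannot
-- authenticate until login is enabled explicitly.
ALTER ROLE jim WITH LOGIN = true;

-- Grant the group role to the user; jim inherits its permissions.
GRANT app_readers TO jim;

-- Revoke a permission that is broader than the role needs.
REVOKE MODIFY ON TABLE app.orders FROM app_readers;

-- Review the result: role attributes and membership, then grants.
-- The column list leaves out the salted password hash.
SELECT role, can_login, is_superuser, member_of FROM system_auth.roles;
SELECT * FROM system_auth.role_permissions;

-- Revoke the group role from the user when access is no longer needed.
REVOKE app_readers FROM jim;

-- Replace the default cassandra/cassandra credentials used in the
-- session above. The value below is a placeholder, not a real password.
ALTER ROLE cassandra WITH PASSWORD = '<new-strong-password>';
```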

Have Fun!