Authorization is the process by which users are granted permissions that entitle them to access or change data on specific keyspaces, tables, or an entire datacenter. Role-Based Access Control is a method of reducing lists of authorized users to a few roles assigned to multiple users. The lesson also includes an example.
Authorization: ScyllaDB again comes by default with no authorization, but if you do want to move to authorization, move to CassandraAuthorizer, which enables role-based access control. I’m sure most of you are familiar with it from other databases or other systems. You can specify which user can do what on the system, so you can grant permissions per role: you can grant permission to read, you can grant permission to write, read from a specific table, write to a specific table, create other users, etc.

One thing I want to mention: this is actually something that was different in an earlier version of both Cassandra and ScyllaDB, and changed in Cassandra and ScyllaDB 3. These days you have roles and you have users, where a user is actually a subset of roles. OK, that was different in the old days, but now you are basically only creating roles, and the user, as we will see in a second in an example, is actually just a role with a login. OK, so you can create a hierarchy of roles, users included.

I won’t go over all the details of this example; it’s part of the documentation. In the documentation we give an elaborate example of a gym with trainers and trainees and staff and admin. Each of them has slightly different permissions on different tables and can do different actions on each of the tables. The way to create such a role, for example, as you can see here: I’m creating a role of a customer, I’m granting some permissions to the customer, I’m creating a role of a trainer, granting some permissions to the trainer. In this case I’m granting it the permissions of a customer, so you already see I have two roles and I’m granting the permissions of one role to the other role. Next I’m granting more permissions to the trainer on more tables, because in this example a trainer can do more than someone who just comes to the gym.

And this is what I wanted to show: when I’m creating a role with a login and a password, it’s basically a user. So the term user is not used here, but this is what you can think about as a user, and we have two users here, one is a trainer and one is a customer. So you can imagine that I can create a complex or a simple hierarchy of roles, each with slightly different permissions, and I can inherit the permissions from a role to a role.

I won’t spend time on the formal syntax of how to create roles and such, but you can find it in the documentation. I’m sure you cannot read that, but that’s a table of permissions and objects, where you can either enable or disable the permission per object. An object is a keyspace, table, etc. Now, it’s pretty similar for those of you familiar with Oracle or MySQL or this kind of database; the concepts are similar.
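
The role hierarchy described in the transcript, written out as CQL. This is an added example, not the slide shown in the lesson or the documentation's own listing; the keyspace `gym`, the tables, the login roles `alice` and `bob`, and the passwords are constructed for illustration. It assumes `authenticator: PasswordAuthenticator` and `authorizer: CassandraAuthorizer` are set in `scylla.yaml` and that the statements are run by a superuser.

```cql
-- Constructed sample schema (names are assumptions, not from the lesson).
CREATE KEYSPACE IF NOT EXISTS gym
  WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1};
CREATE TABLE IF NOT EXISTS gym.schedule (
  class_id uuid PRIMARY KEY, title text, starts_at timestamp);
CREATE TABLE IF NOT EXISTS gym.training_plans (
  plan_id uuid PRIMARY KEY, customer text, notes text);

-- A role without LOGIN is a pure permission bundle; nobody can
-- authenticate as it.
CREATE ROLE customer;
GRANT SELECT ON gym.schedule TO customer;   -- customers may only read the schedule

-- The trainer role inherits everything customer has, then gets more.
CREATE ROLE trainer;
GRANT customer TO trainer;                  -- role-to-role grant (inheritance)
GRANT MODIFY ON gym.schedule TO trainer;    -- INSERT/UPDATE/DELETE on the schedule
GRANT SELECT ON gym.training_plans TO trainer;
GRANT MODIFY ON gym.training_plans TO trainer;

-- A "user" is just a role with LOGIN and a password.
-- Replace the placeholder passwords before use.
CREATE ROLE alice WITH PASSWORD = 'CHANGE_ME_alice' AND LOGIN = true;
GRANT customer TO alice;
CREATE ROLE bob WITH PASSWORD = 'CHANGE_ME_bob' AND LOGIN = true;
GRANT trainer TO bob;

-- Verify the effective permissions, including inherited ones.
LIST ROLES OF bob;            -- shows bob, trainer and customer
LIST ALL PERMISSIONS OF bob;  -- includes SELECT on gym.schedule via customer
LIST ALL PERMISSIONS OF alice;

-- Least privilege in practice: narrowing a role affects every login
-- role that inherits from it.
REVOKE MODIFY ON gym.schedule FROM trainer;
```

Permissions are granted only to the `customer` and `trainer` roles, so auditing who can write to a table means reviewing two roles rather than every login.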