One trick could be :
Before enabling authorization
1. Give user1 superuser permission temporarily by logging in with
cassandra suer
ALTER ROLE user1 with SUPERUSER=true;
2. Enable authorization and grant permission to user1 for specific operation
GRANT SELECT ON ALL KEYSPACES TO user1;
4. Now remove superuser permission from user1
ALTER ROLE user1 with SUPERUSER=false;
On Thu, May 9, 2019 at 12:34 PM Laxmikant Upadhyay <laxmikant....@gmail.com>
wrote:
> I think you will get below exception while executing GRANT with
> AllowAllAuthorizer
> ServerError: java.lang.UnsupportedOperationException: GRANT operation is
> not supported by AllowAllAuthorizer
>
>
>
> On Thu, May 9, 2019 at 12:07 PM Devaki, Srinivas <me@eightnoteight.space>
> wrote:
>
>> Hi,
>>
>> before changing the configuration from `AllowAllAuthorizer` to
>> `CassandraAuthorizer`, you need to grant enough permissions to the user
>> that allow all the accessed tables by that user. I think that should fix
>> the problem.
>>
>> Thanks
>>
>> On Thu, May 9, 2019 at 12:02 PM Laxmikant Upadhyay <
>> laxmikant....@gmail.com> wrote:
>>
>>> Let's say I have a 3 node cluster on 3.11.4 on which authentication is
>>> enabled but authorization is disabled. It has one non-super login user
>>> 'user1' and default super user 'cassandra'
>>> In cassandra.yaml
>>> authenticator: PasswordAuthenticator
>>> authorizer: AllowAllAuthorizer
>>>
>>> So to enable authorization we change the cassandra.yaml of a node
>>> 'node1' from
>>> authorizer: AllowAllAuthorizer
>>> TO
>>> authorizer: CassandraAuthorizer
>>>
>>> You client application db operations on the node1 starts failing as soon
>>> as the cassandra restarts on that nodewith below error until you run GRANT
>>> operation for user1 after connecting with cassandra user:
>>> UnauthorizedException: User user1 has no SELECT permission on <table
>>> testtable>
>>>
>>> Is there a way to avoid this error at all in the above situation?
>>>
>>> --
>>>
>>> regards,
>>> Laxmikant Upadhyay
>>>
>>>
>
> --
>
> regards,
> Laxmikant Upadhyay
>
>
--
regards,
Laxmikant Upadhyay
