我有一个节点cassandra集群。我需要的是创建一个用户并添加一些角色。我已经完成了以下数据示例:
CREATE KEYSPACE warehouse WITH REPLICATION = {'class':'SimpleStrategy',
'replication_factor':1};
USE warehouse;
CREATE TABLE addresses (
customer_id bigint,
address_id int,
address text,
PRIMARY KEY (customer_id, address_id)
);
CREATE ROLE supervisor;
GRANT SELECT ON warehouse.addresses TO supervisor;
CREATE ROLE pam WITH PASSWORD = 'password' AND LOGIN = true;
GRANT supervisor TO pam;
因此用户Pam只能从warehouse.addresses中读取。但是,当我使用pam登录并从keyspace1.table中选择与warehouse.addresses不同的数据时,将提供数据:
cqlsh xxx.x.xx.xx -u pam -p password
pam@cqlsh> select from keyspace1.table 1 where id= 1
Pam能够在每个键空间中做所有事情,她扮演超级用户的角色,我不明白为什么。当我列出pam的所有角色和权限时,一切都是正确的,超级用户是假的。
我在dse.yaml中所做的更改是:
authentication_options:
enabled: true
default_scheme: internal
allow_digest_with_kerberos: false
plain_text_without_ssl: warn
transitional_mode: disabled
other_schemes:
scheme_permissions: false
role_management_options:
mode: internal
authorization_options:
enabled: true
transitional_mode: normal
allow_row_level_security: true
cassandra.yaml:
authenticator: com.datastax.bdp.cassandra.auth.DseAuthenticator
authorizer: com.datastax.bdp.cassandra.auth.DseAuthorizer
role_manager: com.datastax.bdp.cassandra.auth.DseRoleManager
答案 0 :(得分:1)
更新了yaml文件后,你重启了DSE吗?
答案 1 :(得分:0)
将transitional_mode配置为' strict'在dse.yaml中的authentication_options和authorization_options中执行节点重启