CREATE ROLE
Synopsis
The CREATE ROLE statement creates a new role, which is used to authenticate into YCQL and as a group of permissions that restricts operations on database objects. Note that users are roles that are login enabled. There is no explicit CREATE USER command in YCQL.
This statement is enabled by setting the YB-TServer configuration option use_cassandra_authentication to true.
Syntax
Diagram
create_role, role_property (syntax diagrams not reproduced)
Grammar
create_role ::= CREATE ROLE [ IF NOT EXISTS ] role_name [ WITH role_property [ AND role_property ...] ];
role_property ::= PASSWORD = <Text Literal>
                | LOGIN = <Boolean Literal>
                | SUPERUSER = <Boolean Literal>
Where
- role_name is a text identifier.
Semantics
- An error is raised if role_name already exists unless the IF NOT EXISTS option is used.
- By default, a role does not possess the LOGIN privilege nor SUPERUSER status.
- A role with the SUPERUSER status possesses all the permissions on all the objects in the database even though they are not explicitly granted.
- Only a role with the SUPERUSER status can create another SUPERUSER role.
- A role with the LOGIN privilege can be used to authenticate into YQL.
- Only a client with the permission CREATE on ALL ROLES or with the SUPERUSER status can create another role.
Examples
Create a simple role with no properties
cqlsh:example> CREATE ROLE role1;
Create a SUPERUSER role
cqlsh:example> CREATE ROLE role2 WITH SUPERUSER = true;
Create a regular user with ability to login
You can create a regular user with login privileges as shown below. Note that SUPERUSER is set to false.
cqlsh:example> CREATE ROLE role3 WITH SUPERUSER = false AND LOGIN = true AND PASSWORD = 'aid8134';
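The grammar and semantics above can be checked mechanically before a role script is run. The following is an added example, not part of the YugabyteDB documentation: a small Python parser for CREATE ROLE statements that applies the page's defaults and reports properties a reviewer would want to see. The function names, the unquoted role-name pattern, and the 12-character minimum are assumptions of this example.

```python
import re

# Grammar from this page:
#   CREATE ROLE [ IF NOT EXISTS ] role_name [ WITH role_property [ AND role_property ...] ];
STMT = re.compile(
    r"CREATE\s+ROLE\s+(?:IF\s+NOT\s+EXISTS\s+)?(?P<name>\w+)"
    r"(?:\s+WITH\s+(?P<props>(?:'(?:[^']|'')*'|[^';])*))?\s*;", re.IGNORECASE)
PROP = re.compile(
    r"(?P<key>PASSWORD|LOGIN|SUPERUSER)\s*=\s*(?P<val>'(?:[^']|'')*'|true|false)",
    re.IGNORECASE)
MIN_PASSWORD_LEN = 12  # assumed local policy for this example, not a YCQL rule

def parse_roles(script):
    """Return one dict per CREATE ROLE statement found in script."""
    roles = []
    for m in STMT.finditer(script):
        # Defaults per the Semantics section: no LOGIN privilege, no SUPERUSER status.
        role = {"name": m.group("name"), "login": False, "superuser": False, "password": None}
        for p in PROP.finditer(m.group("props") or ""):
            key, val = p.group("key").lower(), p.group("val")
            if key == "password":
                role[key] = val[1:-1].replace("''", "'")  # strip quotes, unescape ''
            else:
                role[key] = val.lower() == "true"
        roles.append(role)
    return roles

def audit(script):
    """Return (role_name, finding) tuples; password values are never echoed."""
    findings = []
    for r in parse_roles(script):
        if r["superuser"]:
            findings.append((r["name"], "SUPERUSER: holds all permissions without explicit grants"))
        if r["login"] and r["password"] is None:
            findings.append((r["name"], "LOGIN role created without a PASSWORD"))
        if r["password"] is not None and len(r["password"]) < MIN_PASSWORD_LEN:
            findings.append((r["name"], "password shorter than %d characters" % MIN_PASSWORD_LEN))
    return findings

# The three example statements from this page, each terminated with ';'.
SAMPLE = """
CREATE ROLE role1;
CREATE ROLE role2 WITH SUPERUSER = true;
CREATE ROLE role3 WITH SUPERUSER = false AND LOGIN = true AND PASSWORD = 'aid8134';
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the page's own examples, this reports role2 for its SUPERUSER status and role3 for its seven-character password; role1 produces no finding because it can neither log in nor bypass permission checks.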