In our interactions with Cassandra in this book, we haven't concerned ourselves with authentication or authorization; whenever we connect to our local Cassandra instance, we're not required to provide any credentials, and there have been no restrictions on what kind of operations we've been able to perform. This is the default configuration for a Cassandra cluster and works well in many scenarios, in particular where network access to the machines running Cassandra is tightly controlled.
In some scenarios, however, it's useful to be able to control access to Cassandra at the database level itself—for instance, when a cluster is shared between multiple tenants or where a large organization needs to restrict access to sensitive data to certain departments or individuals.
For these scenarios, Cassandra does offer a full suite of authentication and authorization functionality; accounts and permissions are configured using CQL. In order to enable authentication and authorization in our development cluster, we will need to make a couple of small changes to the cluster's configuration file, but we'll otherwise be operating in the familiar territory of cqlsh.
By the end of this appendix, you'll be familiar with:
- How to configure your cluster to restrict access to authorized users
- How to create a user
- How to change a user's password
- How to grant privileges to a user
- How to see the privileges granted to a user
- How to revoke privileges from a user
- Other steps you may want to take to secure your Cassandra cluster