Google Git
Sign in
apache / cassandra-website / refs/heads/asf-staging / . / content / doc / 4.1 / cassandra / operating / security.html
blob: c392af1cb25e4cf8b60963079a30d42d72e99498 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>Security | Apache Cassandra Documentation</title>
<link rel="stylesheet" href="../../../../assets/css/site.css">
<link rel="schema.dcterms" href="https://purl.org/dc/terms/">
<meta name="dcterms.subject" content="Cassandra">
<meta name="dcterms.identifier" content="4.1">
<meta name="generator" content="Antora 2.3.4">
<link rel="icon" href="../../../../assets/img/favicon.ico" type="image/x-icon">
<script>
const script = document.createElement("script");
const domain = window.location.hostname;
script.type = "text/javascript";
script.src = "https://plausible.cassandra.apache.org/js/plausible.js";
script.setAttribute("data-domain",domain);
script.setAttribute("defer",'true');
script.setAttribute("async",'true');
document.getElementsByTagName("head")[0].appendChild(script);
</script> </head>
<body class="docs-wrapper article">
<div class="container mx-auto relative">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<meta property="og:type" content="website" />
<meta property="og:url" content="/" />
<meta property="og:site_name" content="Apache Cassandra" />
<header id="top-nav">
<div class="inner relative">
<div class="header-social-icons text-right">
<a href="https://twitter.com/cassandra?lang=en" target="_blank" styles="margin-left: 20px;"><img src="../../../../assets/img/twitter-icon-circle-white.svg" alt="twitter icon" width="24"></a>
<a href="https://www.linkedin.com/company/apache-cassandra/" target="_blank" styles="margin-left: 20px;"><img src="../../../../assets/img/LI-In-Bug.png" alt="linked-in icon" width="24"></a>
<a href="https://www.youtube.com/c/PlanetCassandra" target="_blank" styles="margin-left: 20px;"><img src="../../../../assets/img/youtube-icon.png" alt="youtube icon" width="24"></a>
</div>
<div class="cf">
<div class="logo left"><a href="/"><img src="../../../../assets/img/logo-white-r.png" alt="Cassandra Logo"></a></div>
<div class="mobile-nav-icon right">
<img class="toggle-icon" src="../../../../assets/img/hamburger-nav.svg">
</div>
<ul class="main-nav nav-links right flex flex-vert-center flex-space-between">
<li>
<a class="nav-link hide-mobile">Get Started</a>
<ul class="sub-menu bg-white">
<li class="pa-micro">
<a href="/_/cassandra-basics.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-basics.png" alt="cassandra basics icon">
</div>
<div class="sub-nav-text teal py-small">
Cassandra Basics
</div>
</a>
</li>
<li class="pa-micro">
<a href="/_/quickstart.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-rocket.png" alt="cassandra basics icon">
</div>
<div class="sub-nav-text teal py-small">
Quickstart
</div>
</a>
</li>
<li class="pa-micro">
<a href="/_/ecosystem.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-ecosystem.png" alt="cassandra basics icon">
</div>
<div class="sub-nav-text teal py-small">
Ecosystem
</div>
</a>
</li>
</ul>
</li>
<li><a class="nav-link" href="/doc/latest/">Documentation</a></li>
<li>
<a class="nav-link" href="/_/community.html">Community</a>
<ul class="sub-menu bg-white">
<li class="pa-micro">
<a href="/_/community.html#code-of-conduct">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-welcome.png" alt="welcome icon">
</div>
<div class="sub-nav-text teal py-small">
Welcome
</div>
</a>
</li>
<li class="pa-micro hide-mobile">
<a href="/_/community.html#discussions">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-discussions.png" alt="discussions icon">
</div>
<div class="sub-nav-text teal py-small">
Discussions
</div>
</a>
</li>
<li class="pa-micro hide-mobile">
<a href="/_/community.html#project-governance">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-governance.png" alt="Governance icon">
</div>
<div class="sub-nav-text teal py-small">
Governance
</div>
</a>
</li>
<li class="pa-micro hide-mobile">
<a href="/_/community.html#how-to-contribute">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-contribute.png" alt="Contribute icon">
</div>
<div class="sub-nav-text teal py-small">
Contribute
</div>
</a>
</li>
<li class="pa-micro hide-mobile">
<a href="/_/community.html#meet-the-community">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-community.png" alt="Meet the Community icon">
</div>
<div class="sub-nav-text teal py-small">
Meet the Community
</div>
</a>
</li>
<li class="pa-micro hide-mobile">
<a href="/_/cassandra-catalyst-program.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-catalyst.png" alt="Catalyst icon">
</div>
<div class="sub-nav-text teal py-small">
Catalyst Program
</div>
</a>
</li>
<li class="pa-micro hide-mobile">
<a href="/_/events.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-events.png" alt="Events icon">
</div>
<div class="sub-nav-text teal py-small">
Events
</div>
</a>
</li>
</ul>
</li>
<li>
<a class="nav-link hide-mobile">Learn</a>
<ul class="sub-menu bg-white">
<li class="pa-micro">
<a href="/_/Apache-Cassandra-5.0-Moving-Toward-an-AI-Driven-Future.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-basics.png" alt="Basics icon">
</div>
<div class="sub-nav-text teal py-small">
Cassandra 5.0
</div>
</a>
</li>
<li class="pa-micro">
<a href="/_/case-studies.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-case-study.png" alt="Case Studies icon">
</div>
<div class="sub-nav-text teal py-small">
Case Studies
</div>
</a>
</li>
<li class="pa-micro">
<a href="/_/resources.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-resources.png" alt="Resources icon">
</div>
<div class="sub-nav-text teal py-small">
Resources
</div>
</a>
</li>
<li class="pa-micro">
<a href="/_/blog.html">
<div class="sub-nav-icon">
<img src="../../../../assets/img/sub-menu-blog.png" alt="Blog icon">
</div>
<div class="sub-nav-text teal py-small">
Blog
</div>
</a>
</li>
</ul>
</li>
<li><a class="nav-link btn btn--filled" href="/_/download.html">Download Now</a></li>
</ul>
</div>
</div>
</header>
<div class="hero hero--home grad">
<div class="eye"></div>
<div id="docs-content" class="text-center flex flex-center flex-column relative z2 ma-xlarge">
<h2>Cassandra Documentation</h2>
</div>
</div>
<div class="body px-medium py-medium container">
<div class="docs-nav-bar flex flex-space-between mb-medium">
<div id="mobile-docs-nav-burger" class="hidden">
<svg viewBox="0 0 24 24" width="36" height="36" stroke="#1c81a0" stroke-width="2.5" fill="none" stroke-linecap="round" stroke-linejoin="round" class="css-i6dzq1"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line></svg>
</div>
<div class="docs-nav-item relative">
<input id="search-input" type="text" placeholder="Search docs">
</div>
<div class="versions-wrapper">
<h4>Version:</h4>
<div class="nav-panel-explore" data-panel="explore">
<div id="version-toggle" class="context">
<span class="version">4.1</span>
</div>
<ul id="versions-list" class="components">
<li class="component">
<ul class="versions">
<li class="version is-latest">
<a href="../../../../_/index.html">master</a>
</li>
</ul>
</li>
<li class="component is-current">
<ul class="versions">
<li class="version">
<a href="../../../trunk/index.html">trunk</a>
</li>
<li class="version">
<a href="../../../5.0/index.html">5.0</a>
</li>
<li class="version is-current is-latest">
<a href="../../index.html">4.1</a>
</li>
<li class="version">
<a href="../../../4.0/index.html">4.0</a>
</li>
<li class="version">
<a href="../../../3.11/index.html">3.11</a>
</li>
</ul>
</li>
</ul>
</div>
</div> </div>
<div class="cf relative">
<nav class="nav docs-nav full-800">
<div class="nav-menu">
<ul class="nav-list">
<li class="nav-item is-active" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../../index.html">Main</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<span class="nav-line">
<a class="nav-link" href="../../../../_/glossary.html">Glossary</a>
</span>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<a class="nav-link" href="../../../../_/bugs.html">How to report bugs</a>
</span>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<a class="nav-link" href="../../../../_/contactus.html">Contact us</a>
</span>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item is-active" data-depth="0">
<ul class="nav-list">
<li class="nav-item is-current-path is-active" data-depth="1">
<span class="nav-line">
<button class="nav-toggle"></button>
<span class="nav-text">Cassandra</span>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../getting_started/index.html">Getting Started</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../getting_started/installing.html">Installing Cassandra</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../getting_started/configuring.html">Configuring Cassandra</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../getting_started/querying.html">Inserting and querying</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../getting_started/drivers.html">Client drivers</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../getting_started/java11.html">Support for Java 11</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../getting_started/production.html">Production recommendations</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<a class="nav-link" href="../new/index.html">What&#8217;s new</a>
</span>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../architecture/index.html">Architecture</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../architecture/overview.html">Overview</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../architecture/dynamo.html">Dynamo</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../architecture/storage_engine.html">Storage engine</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../architecture/guarantees.html">Guarantees</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../architecture/messaging.html">Improved internode messaging</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../architecture/streaming.html">Improved streaming</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../data_modeling/index.html">Data modeling</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/intro.html">Introduction</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_conceptual.html">Conceptual data modeling</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_rdbms.html">RDBMS design</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_queries.html">Defining application queries</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_logical.html">Logical data modeling</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_physical.html">Physical data modeling</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_refining.html">Evaluating and refining data models</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_schema.html">Defining database schema</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../data_modeling/data_modeling_tools.html">Cassandra data modeling tools</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../cql/index.html">Cassandra Query Language (CQL)</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/definitions.html">Definitions</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/types.html">Data types</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/ddl.html">Data definition (DDL)</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/dml.html">Data manipulation (DML)</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/operators.html">Operators</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/indexes.html">Secondary indexes</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/mvs.html">Materialized views</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/functions.html">Functions</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/json.html">JSON</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/security.html">Security</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/triggers.html">Triggers</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/appendices.html">Appendices</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/changes.html">Changes</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/SASI.html">SASI</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../cql/cql_singlefile.html">Single file of CQL information</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../configuration/index.html">Configuration</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_yaml_file.html">cassandra.yaml</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_rackdc_file.html">cassandra-rackdc.properties</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_env_sh_file.html">cassandra-env.sh</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_topo_file.html">cassandra-topologies.properties</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_cl_archive_file.html">commitlog-archiving.properties</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_logback_xml_file.html">logback.xml</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/cass_jvm_options_file.html">jvm-* files</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../configuration/configuration.html">Liberating cassandra.yaml Parameters' Names from Their Units</a>
</span>
</li>
</ul>
</li>
<li class="nav-item is-current-path is-active" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="index.html">Operating</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="#operating/snitch.adoc">Snitches</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="topo_changes.html">Topology changes</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="repair.html">Repair</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="read_repair.html">Read repair</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="hints.html">Hints</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="bloom_filters.html">Bloom filters</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="compression.html">Compression</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="cdc.html">Change Data Capture (CDC)</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="backups.html">Backups</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="bulk_loading.html">Bulk loading</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="metrics.html">Metrics</a>
</span>
</li>
<li class="nav-item is-current-page is-active" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="security.html">Security</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="hardware.html">Hardware</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="compaction/index.html">Compaction</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="virtualtables.html">Virtual tables</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="auditlogging.html">Audit logging</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="audit_logging.html">Audit logging 2</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="fqllogging.html">Full query logging</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="transientreplication.html">Transient replication</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../tools/index.html">Tools</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../tools/cqlsh.html">cqlsh: the CQL shell</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../tools/nodetool/nodetool.html">nodetool</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../tools/sstable/index.html">SSTable tools</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../tools/cassandra_stress.html">cassandra-stress</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../troubleshooting/index.html">Troubleshooting</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../troubleshooting/finding_nodes.html">Finding misbehaving nodes</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../troubleshooting/reading_logs.html">Reading Cassandra logs</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../troubleshooting/use_nodetool.html">Using nodetool</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../troubleshooting/use_tools.html">Using external tools to deep-dive</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<button class="nav-toggle"></button>
<a class="nav-link" href="../../../../_/development/index.html">Development</a>
</span>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/gettingstarted.html">Getting started</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/ide.html">Building and IDE integration</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/testing.html">Testing</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/patches.html">Contributing code changes</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/code_style.html">Code style</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/how_to_review.html">Review checklist</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/how_to_commit.html">How to commit</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/documentation.html">Working on documentation</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/ci.html">Jenkins CI environment</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/dependencies.html">Dependency management</a>
</span>
</li>
<li class="nav-item" data-depth="3">
<span class="nav-line">
<a class="nav-link" href="../../../../_/development/release_process.html">Release process</a>
</span>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<a class="nav-link" href="../faq/index.html">FAQ</a>
</span>
</li>
<li class="nav-item" data-depth="2">
<span class="nav-line">
<a class="nav-link" href="../plugins/index.html">Plug-ins</a>
</span>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</nav>
<aside class="toc sidebar">
<div class="toc-menu"></div>
</aside>
<main class="article default-main full-800" data-ceiling="topbar">
<div class="article-header">
<nav class="crumbs" aria-label="breadcrumbs">
<ul>
<li class="crumb">Cassandra</li>
<li class="crumb"><a href="index.html">Operating</a></li>
<li class="crumb"><a href="security.html">Security</a></li>
</ul>
</nav>
<div class="tools" role="navigation">
<ul>
<li class="tool edit"><a href="https://github.com/apache/cassandra/edit/cassandra-4.1/doc/modules/cassandra/pages/operating/security.adoc" title="Edit Page" target="_blank" rel="noopener">Edit</a></li>
</ul>
</div>
</div>
<article class="doc">
<h1 class="page">Security</h1>
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>There are three main components to the security features provided by
Cassandra:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>TLS/SSL encryption for client and inter-node communication</p>
</li>
<li>
<p>Client authentication</p>
</li>
<li>
<p>Authorization</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>By default, these features are disabled as Cassandra is configured to
easily find and be found by other members of a cluster. In other words,
an out-of-the-box Cassandra installation presents a large attack surface
for a bad actor. Enabling authentication for clients using the binary
protocol is not sufficient to protect a cluster. Malicious users able to
access internode communication and JMX ports can still:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Craft internode messages to insert users into authentication schema</p>
</li>
<li>
<p>Craft internode messages to truncate or drop schema</p>
</li>
<li>
<p>Use tools such as <code>sstableloader</code> to overwrite <code>system_auth</code> tables</p>
</li>
<li>
<p>Attach to the cluster directly to capture write traffic</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Correct configuration of all three security components should negate
theses vectors. Therefore, understanding Cassandra&#8217;s security features
is crucial to configuring your cluster to meet your security needs.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="tlsssl-encryption"><a class="anchor" href="#tlsssl-encryption"></a>TLS/SSL Encryption</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Cassandra provides secure communication between a client machine and a
database cluster and between nodes within a cluster. Enabling encryption
ensures that data in flight is not compromised and is transferred
securely. The options for client-to-node and node-to-node encryption are
managed separately and may be configured independently.</p>
</div>
<div class="paragraph">
<p>In both cases, the JVM defaults for supported protocols and cipher
suites are used when encryption is enabled. These can be overidden using
the settings in <code>cassandra.yaml</code>, but this is not recommended unless
there are policies in place which dictate certain settings or a need to
disable vulnerable ciphers or protocols in cases where the JVM cannot be
updated.</p>
</div>
<div class="paragraph">
<p>FIPS compliant settings can be configured at the JVM level and should
not involve changing encryption settings in cassandra.yaml. See
<a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html">the
java document on FIPS</a> for more details.</p>
</div>
<div class="paragraph">
<p>Cassandra provides flexibility of using Java based key material or
completely customizing the SSL context. You can choose any keystore
format supported by Java (JKS, PKCS12 etc) as well as other standards
like PEM. You can even customize the SSL context creation to use Cloud
Native technologies like Kuberenetes Secrets for storing the key
material or to integrate with your in-house Key Management System.</p>
</div>
<div class="paragraph">
<p>For information on generating the keystore and truststore files
required with the Java supported keystores used in SSL communications,
see the
<a href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore">java
documentation on creating keystores</a>.</p>
</div>
<div class="paragraph">
<p>For customizing the SSL context creation you can implement
<a href="https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/security/ISslContextFactory.java">ISslContextCreationFactory</a>
interface or extend one of its public subclasses appropriately. You
can then use the <code>ssl_context_factory</code> setting for
<code>server_encryption_options</code> or <code>client_encryption_options</code> sections
appropriately. See <a href="https://github.com/apache/cassandra/tree/trunk/examples/ssl-factory">ssl-factory examples</a>
for details. Refer to the below class diagram to understand the
class hierarchy.</p>
</div>
<div class="imageblock">
<div class="content">
<img src="../_images/cassandra_ssl_context_factory_pem.png" alt="image">
</div>
</div>
<div class="sect2">
<h3 id="using-pem-based-key-material"><a class="anchor" href="#using-pem-based-key-material"></a>Using PEM based key material</h3>
<div class="paragraph">
<p>You can use the in-built class <code>PEMBasedSSLContextFactory</code> as the
<code>ssl_context_factory</code> setting for the PEM based key material.</p>
</div>
<div class="paragraph">
<p>You can configure this factory with either inline PEM data or with the
files having the required PEM data as shown below,</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Configuration: PEM keys/certs defined in-line (mind the spaces in the
YAML!)</p>
</li>
</ul>
</div>
<div class="literalblock">
<div class="content">
<pre> client/server_encryption_options:
ssl_context_factory:
class_name: org.apache.cassandra.security.PEMBasedSslContextFactory
parameters:
private_key: |
-----BEGIN ENCRYPTED PRIVATE KEY----- OR -----BEGIN PRIVATE KEY-----
&lt;your base64 encoded private key&gt;
-----END ENCRYPTED PRIVATE KEY----- OR -----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
&lt;your base64 encoded certificate chain&gt;
-----END CERTIFICATE-----
private_key_password: "&lt;your password if the private key is encrypted with a password&gt;"
trusted_certificates: |
-----BEGIN CERTIFICATE-----
&lt;your base64 encoded certificate&gt;
-----END CERTIFICATE-----</pre>
</div>
</div>
<div class="ulist">
<ul>
<li>
<p>Configuration: PEM keys/certs defined in files</p>
</li>
</ul>
</div>
<div class="literalblock">
<div class="content">
<pre> client/server_encryption_options:
ssl_context_factory:
class_name: org.apache.cassandra.security.PEMBasedSslContextFactory
keystore: &lt;file path to the keystore file in the PEM format with the private key and the certificate chain&gt;
keystore_password: "&lt;your password if the private key is encrypted with a password&gt;"
truststore: &lt;file path to the truststore file in the PEM format&gt;</pre>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="ssl-certificate-hot-reloading"><a class="anchor" href="#ssl-certificate-hot-reloading"></a>SSL Certificate Hot Reloading</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Beginning with Cassandra 4, Cassandra supports hot reloading of SSL
Certificates. If SSL/TLS support is enabled in Cassandra and you are
using default file based key material, the node periodically (every
10 minutes) polls the Trust and Key Stores specified in
cassandra.yaml. When the files are updated, Cassandra will reload
them and use them for subsequent connections. Please note that the
Trust &amp; Key Store passwords are part of the yaml so the updated files
should also use the same passwords.</p>
</div>
<div class="paragraph">
<p>If you are customizing the SSL configuration via <code>ssl_context_factory</code>
setting, Cassandra polls (at the same periodic interval mentioned above)
your implementation to check if the SSL certificates need to be
reloaded. See the <a href="https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/security/ISslContextFactory.java#L90">ISslContextFactory</a> documentation for more details.
If you are using one of the Cassandra&#8217;s in-built SSL context factory
class (example: PEMBasedSslContextFactory) with file based key
material, it supports the hot reloading of the SSL certificates like
mentioned above.</p>
</div>
<div class="paragraph">
<p>Certificate Hot reloading may also be triggered using the
<code>nodetool reloadssl</code> command. Use this if you want to Cassandra to
immediately notice the changed certificates.</p>
</div>
<div class="sect2">
<h3 id="inter-node-encryption"><a class="anchor" href="#inter-node-encryption"></a>Inter-node Encryption</h3>
<div class="paragraph">
<p>The settings for managing inter-node encryption are found in
<code>cassandra.yaml</code> in the <code>server_encryption_options</code> section. To enable
inter-node encryption, change the <code>internode_encryption</code> setting from
its default value of <code>none</code> to one value from: <code>rack</code>, <code>dc</code> or <code>all</code>.</p>
</div>
</div>
<div class="sect2">
<h3 id="client-to-node-encryption"><a class="anchor" href="#client-to-node-encryption"></a>Client to Node Encryption</h3>
<div class="paragraph">
<p>The settings for managing client to node encryption are found in
<code>cassandra.yaml</code> in the <code>client_encryption_options</code> section. There are
two primary toggles here for enabling encryption, <code>enabled</code> and
<code>optional</code>.</p>
</div>
<div class="ulist">
<ul>
<li>
<p>If neither is set to <code>true</code>, client connections are entirely
unencrypted.</p>
</li>
<li>
<p>If <code>enabled</code> is set to <code>true</code> and <code>optional</code> is set to <code>false</code>, all
client connections must be secured.</p>
</li>
<li>
<p>If both options are set to <code>true</code>, both encrypted and unencrypted
connections are supported using the same port. Client connections using
encryption with this configuration will be automatically detected and
handled by the server.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>As an alternative to the <code>optional</code> setting, separate ports can also be
configured for secure and unsecure connections where operational
requirements demand it. To do so, set <code>optional</code> to false and use the
<code>native_transport_port_ssl</code> setting in <code>cassandra.yaml</code> to specify the
port to be used for secure client communication.</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="operation-roles"><a class="anchor" href="#operation-roles"></a>Roles</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Cassandra uses database roles, which may represent either a single user
or a group of users, in both authentication and permissions management.
Role management is an extension point in Cassandra and may be configured
using the <code>role_manager</code> setting in <code>cassandra.yaml</code>. The default
setting uses <code>CassandraRoleManager</code>, an implementation which stores role
information in the tables of the <code>system_auth</code> keyspace.</p>
</div>
<div class="paragraph">
<p>See also the <a href="../cql/security.html#database-roles" class="page"><code>CQL documentation on roles</code></a>.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="authentication"><a class="anchor" href="#authentication"></a>Authentication</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Authentication is pluggable in Cassandra and is configured using the
<code>authenticator</code> setting in <code>cassandra.yaml</code>. Cassandra ships with two
options included in the default distribution.</p>
</div>
<div class="paragraph">
<p>By default, Cassandra is configured with <code>AllowAllAuthenticator</code> which
performs no authentication checks and therefore requires no credentials.
It is used to disable authentication completely. Note that
authentication is a necessary condition of Cassandra&#8217;s permissions
subsystem, so if authentication is disabled, effectively so are
permissions.</p>
</div>
<div class="paragraph">
<p>The default distribution also includes <code>PasswordAuthenticator</code>, which
stores encrypted credentials in a system table. This can be used to
enable simple username/password authentication.</p>
</div>
<div class="sect2">
<h3 id="password-authentication"><a class="anchor" href="#password-authentication"></a>Enabling Password Authentication</h3>
<div class="paragraph">
<p>Before enabling client authentication on the cluster, client
applications should be pre-configured with their intended credentials.
When a connection is initiated, the server will only ask for credentials
once authentication is enabled, so setting up the client side config in
advance is safe. In contrast, as soon as a server has authentication
enabled, any connection attempt without proper credentials will be
rejected which may cause availability problems for client applications.
Once clients are setup and ready for authentication to be enabled,
follow this procedure to enable it on the cluster.</p>
</div>
<div class="paragraph">
<p>Pick a single node in the cluster on which to perform the initial
configuration. Ideally, no clients should connect to this node during
the setup process, so you may want to remove it from client config,
block it at the network level or possibly add a new temporary node to
the cluster for this purpose. On that node, perform the following steps:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Open a <code>cqlsh</code> session and change the replication factor of the
<code>system_auth</code> keyspace. By default, this keyspace uses
<code>SimpleReplicationStrategy</code> and a <code>replication_factor</code> of 1. It is
recommended to change this for any non-trivial deployment to ensure that
should nodes become unavailable, login is still possible. Best practice
is to configure a replication factor of 3 to 5 per-DC.</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-cql hljs" data-lang="cql">ALTER KEYSPACE system_auth WITH replication = {'class': 'NetworkTopologyStrategy', 'DC1': 3, 'DC2': 3};</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="2">
<li>
<p>Edit <code>cassandra.yaml</code> to change the <code>authenticator</code> option like so:</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-yaml hljs" data-lang="yaml">authenticator: PasswordAuthenticator</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="3">
<li>
<p>Restart the node.</p>
</li>
<li>
<p>Open a new <code>cqlsh</code> session using the credentials of the default
superuser:</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ cqlsh -u cassandra -p cassandra</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="5">
<li>
<p>During login, the credentials for the default superuser are read with
a consistency level of <code>QUORUM</code>, whereas those for all other users
(including superusers) are read at <code>LOCAL_ONE</code>. In the interests of
performance and availability, as well as security, operators should
create another superuser and disable the default one. This step is
optional, but highly recommended. While logged in as the default
superuser, create another superuser role which can be used to bootstrap
further configuration.</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-cql hljs" data-lang="cql"># create a new superuser
CREATE ROLE dba WITH SUPERUSER = true AND LOGIN = true AND PASSWORD = 'super';</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="6">
<li>
<p>Start a new cqlsh session, this time logging in as the new_superuser
and disable the default superuser.</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-cql hljs" data-lang="cql">ALTER ROLE cassandra WITH SUPERUSER = false AND LOGIN = false;</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="7">
<li>
<p>Finally, set up the roles and credentials for your application users
with <a href="../cql/security.html#create-role" class="page"><code>CREATE ROLE</code></a> statements.</p>
</li>
</ol>
</div>
<div class="paragraph">
<p>At the end of these steps, the one node is configured to use password
authentication. To roll that out across the cluster, repeat steps 2 and
3 on each node in the cluster. Once all nodes have been restarted,
authentication will be fully enabled throughout the cluster.</p>
</div>
<div class="paragraph">
<p>Note that using <code>PasswordAuthenticator</code> also requires the use of
<a href="../cql/security.html#operation-roles" class="page"><code>CassandraRoleManager</code></a>.</p>
</div>
<div class="paragraph">
<p>See also: <code>setting-credentials-for-internal-authentication</code>,
<a href="../cql/security.html#create-role" class="page"><code>CREATE ROLE</code></a>,
<a href="../cql/security.html#alter-role" class="page"><code>ALTER ROLE</code></a>,
<a href="#xref:cql/security.adoc#alter-keyspace" class="page unresolved"><code>ALTER KEYSPACE</code></a> and
<a href="../cql/security.html#grant-permission" class="page"><code>GRANT PERMISSION</code></a>.</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="authorization"><a class="anchor" href="#authorization"></a>Authorization</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Authorization is pluggable in Cassandra and is configured using the
<code>authorizer</code> setting in <code>cassandra.yaml</code>. Cassandra ships with two
options included in the default distribution.</p>
</div>
<div class="paragraph">
<p>By default, Cassandra is configured with <code>AllowAllAuthorizer</code> which
performs no checking and so effectively grants all permissions to all
roles. This must be used if <code>AllowAllAuthenticator</code> is the configured
authenticator.</p>
</div>
<div class="paragraph">
<p>The default distribution also includes <code>CassandraAuthorizer</code>, which does
implement full permissions management functionality and stores its data
in Cassandra system tables.</p>
</div>
<div class="sect2">
<h3 id="enabling-internal-authorization"><a class="anchor" href="#enabling-internal-authorization"></a>Enabling Internal Authorization</h3>
<div class="paragraph">
<p>Permissions are modelled as a whitelist, with the default assumption
that a given role has no access to any database resources. The
implication of this is that once authorization is enabled on a node, all
requests will be rejected until the required permissions have been
granted. For this reason, it is strongly recommended to perform the
initial setup on a node which is not processing client requests.</p>
</div>
<div class="paragraph">
<p>The following assumes that authentication has already been enabled via
the process outlined in <code>password-authentication</code>. Perform these steps
to enable internal authorization across the cluster:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>On the selected node, edit <code>cassandra.yaml</code> to change the <code>authorizer</code>
option like so:</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-yaml hljs" data-lang="yaml">authorizer: CassandraAuthorizer</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="2">
<li>
<p>Restart the node.</p>
</li>
<li>
<p>Open a new <code>cqlsh</code> session using the credentials of a role with
superuser credentials:</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ cqlsh -u dba -p super</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="4">
<li>
<p>Configure the appropriate access privileges for your clients using
<a href="cql.html#grant-permission">GRANT PERMISSION</a> statements. On the
other nodes, until configuration is updated and the node restarted, this
will have no effect so disruption to clients is avoided.</p>
</li>
</ol>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-cql hljs" data-lang="cql">GRANT SELECT ON ks.t1 TO db_user;</code></pre>
</div>
</div>
<div class="olist arabic">
<ol class="arabic" start="5">
<li>
<p>Once all the necessary permissions have been granted, repeat steps 1
and 2 for each node in turn. As each node restarts and clients
reconnect, the enforcement of the granted permissions will begin.</p>
</li>
</ol>
</div>
<div class="paragraph">
<p>See also: <a href="../cql/security.html#grant-permission" class="page"><code>GRANT PERMISSION</code></a>,
<a href="../cql/security.html#grant-all" class="page"><code>GRANT ALL</code></a> and
<a href="../cql/security.html#revoke-permission" class="page"><code>REVOKE PERMISSION</code></a>.</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="auth-caching"><a class="anchor" href="#auth-caching"></a>Caching</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Enabling authentication and authorization places additional load on the
cluster by frequently reading from the <code>system_auth</code> tables.
Furthermore, these reads are in the critical paths of many client
operations, and so has the potential to severely impact quality of
service. To mitigate this, auth data such as credentials, permissions
and role details are cached for a configurable period. The caching can
be configured (and even disabled) from <code>cassandra.yaml</code> or using a JMX
client. The JMX interface also supports invalidation of the various
caches, but any changes made via JMX are not persistent and will be
re-read from <code>cassandra.yaml</code> when the node is restarted.</p>
</div>
<div class="paragraph">
<p>Each cache has 3 options which can be set:</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Validity Period</dt>
<dd>
<p>Controls the expiration of cache entries. After this period, entries
are invalidated and removed from the cache.</p>
</dd>
<dt class="hdlist1">Refresh Rate</dt>
<dd>
<p>Controls the rate at which background reads are performed to pick up
any changes to the underlying data. While these async refreshes are
performed, caches will continue to serve (possibly) stale data.
Typically, this will be set to a shorter time than the validity
period.</p>
</dd>
<dt class="hdlist1">Max Entries</dt>
<dd>
<p>Controls the upper bound on cache size.</p>
</dd>
</dl>
</div>
<div class="paragraph">
<p>The naming for these options in <code>cassandra.yaml</code> follows the convention:</p>
</div>
<div class="ulist">
<ul>
<li>
<p><code>&lt;type&gt;_validity_in_ms</code></p>
</li>
<li>
<p><code>&lt;type&gt;_update_interval_in_ms</code></p>
</li>
<li>
<p><code>&lt;type&gt;_cache_max_entries</code></p>
</li>
</ul>
</div>
<div class="paragraph">
<p>Where <code>&lt;type&gt;</code> is one of <code>credentials</code>, <code>permissions</code>, or <code>roles</code>.</p>
</div>
<div class="paragraph">
<p>As mentioned, these are also exposed via JMX in the mbeans under the
<code>org.apache.cassandra.auth</code> domain.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="jmx-access"><a class="anchor" href="#jmx-access"></a>JMX access</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Access control for JMX clients is configured separately to that for CQL.
For both authentication and authorization, two providers are available;
the first based on standard JMX security and the second which integrates
more closely with Cassandra&#8217;s own auth subsystem.</p>
</div>
<div class="paragraph">
<p>The default settings for Cassandra make JMX accessible only from
localhost. To enable remote JMX connections, edit <code>cassandra-env.sh</code>
to change the <code>LOCAL_JMX</code> setting to
<code>no</code>. Under the standard configuration, when remote JMX connections are
enabled, <code>standard JMX authentication &lt;standard-jmx-auth&gt;</code> is also
switched on.</p>
</div>
<div class="paragraph">
<p>Note that by default, local-only connections are not subject to
authentication, but this can be enabled.</p>
</div>
<div class="paragraph">
<p>If enabling remote connections, it is recommended to also use
<a href="#jmx-with-ssl"><code>SSL</code></a> connections.</p>
</div>
<div class="paragraph">
<p>Finally, after enabling auth and/or SSL, ensure that tools which use
JMX, such as <a href="#tools/nodetool/nodetools.adoc" class="page unresolved"><code>nodetool</code></a> are correctly configured and working
as expected.</p>
</div>
<div class="sect2">
<h3 id="standard-jmx-auth"><a class="anchor" href="#standard-jmx-auth"></a>Standard JMX Auth</h3>
<div class="paragraph">
<p>Users permitted to connect to the JMX server are specified in a simple
text file. The location of this file is set in <code>cassandra-env.sh</code> by the
line:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"</code></pre>
</div>
</div>
<div class="paragraph">
<p>Edit the password file to add username/password pairs:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-none hljs" data-lang="none">jmx_user jmx_password</code></pre>
</div>
</div>
<div class="paragraph">
<p>Secure the credentials file so that only the user running the Cassandra
process can read it :</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">$ chown cassandra:cassandra /etc/cassandra/jmxremote.password
$ chmod 400 /etc/cassandra/jmxremote.password</code></pre>
</div>
</div>
<div class="paragraph">
<p>Optionally, enable access control to limit the scope of what defined
users can do via JMX. Note that this is a fairly blunt instrument in
this context as most operational tools in Cassandra require full
read/write access. To configure a simple access file, uncomment this
line in <code>cassandra-env.sh</code>:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"</code></pre>
</div>
</div>
<div class="paragraph">
<p>Then edit the access file to grant your JMX user readwrite permission:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-none hljs" data-lang="none">jmx_user readwrite</code></pre>
</div>
</div>
<div class="paragraph">
<p>Cassandra must be restarted to pick up the new settings.</p>
</div>
<div class="paragraph">
<p>See also :
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdenv">Using
File-Based Password Authentication In JMX</a></p>
</div>
</div>
<div class="sect2">
<h3 id="cassandra-integrated-auth"><a class="anchor" href="#cassandra-integrated-auth"></a>Cassandra Integrated Auth</h3>
<div class="paragraph">
<p>An alternative to the out-of-the-box JMX auth is to useeCassandra&#8217;s own
authentication and/or authorization providers for JMX clients. This is
potentially more flexible and secure but it come with one major caveat.
Namely that it is not available until <span class="title-ref">after</span> a node has
joined the ring, because the auth subsystem is not fully configured
until that point However, it is often critical for monitoring purposes
to have JMX access particularly during bootstrap. So it is recommended,
where possible, to use local only JMX auth during bootstrap and then, if
remote connectivity is required, to switch to integrated auth once the
node has joined the ring and initial setup is complete.</p>
</div>
<div class="paragraph">
<p>With this option, the same database roles used for CQL authentication
can be used to control access to JMX, so updates can be managed
centrally using just <code>cqlsh</code>. Furthermore, fine grained control over
exactly which operations are permitted on particular MBeans can be
acheived via <a href="../cql/security.html#grant-permission" class="page"><code>GRANT PERMISSION</code></a>.</p>
</div>
<div class="paragraph">
<p>To enable integrated authentication, edit <code>cassandra-env.sh</code> to
uncomment these lines:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">#JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.login.config=CassandraLogin"
#JVM_OPTS="$JVM_OPTS -Djava.security.auth.login.config=$CASSANDRA_HOME/conf/cassandra-jaas.config"</code></pre>
</div>
</div>
<div class="paragraph">
<p>And disable the JMX standard auth by commenting this line:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"</code></pre>
</div>
</div>
<div class="paragraph">
<p>To enable integrated authorization, uncomment this line:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">#JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.authorizer=org.apache.cassandra.auth.jmx.AuthorizationProxy"</code></pre>
</div>
</div>
<div class="paragraph">
<p>Check standard access control is off by ensuring this line is commented
out:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-bash hljs" data-lang="bash">#JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access"</code></pre>
</div>
</div>
<div class="paragraph">
<p>With integrated authentication and authorization enabled, operators can
define specific roles and grant them access to the particular JMX
resources that they need. For example, a role with the necessary
permissions to use tools such as jconsole or jmc in read-only mode would
be defined as:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-cql hljs" data-lang="cql">CREATE ROLE jmx WITH LOGIN = false;
GRANT SELECT ON ALL MBEANS TO jmx;
GRANT DESCRIBE ON ALL MBEANS TO jmx;
GRANT EXECUTE ON MBEAN 'java.lang:type=Threading' TO jmx;
GRANT EXECUTE ON MBEAN 'com.sun.management:type=HotSpotDiagnostic' TO jmx;
# Grant the role with necessary permissions to use nodetool commands (including nodetool status) in read-only mode
GRANT EXECUTE ON MBEAN 'org.apache.cassandra.db:type=EndpointSnitchInfo' TO jmx;
GRANT EXECUTE ON MBEAN 'org.apache.cassandra.db:type=StorageService' TO jmx;
# Grant the jmx role to one with login permissions so that it can access the JMX tooling
CREATE ROLE ks_user WITH PASSWORD = 'password' AND LOGIN = true AND SUPERUSER = false;
GRANT jmx TO ks_user;</code></pre>
</div>
</div>
<div class="paragraph">
<p>Fine grained access control to individual MBeans is also supported:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-cql hljs" data-lang="cql">GRANT EXECUTE ON MBEAN 'org.apache.cassandra.db:type=Tables,keyspace=test_keyspace,table=t1' TO ks_user;
GRANT EXECUTE ON MBEAN 'org.apache.cassandra.db:type=Tables,keyspace=test_keyspace,table=*' TO ks_owner;</code></pre>
</div>
</div>
<div class="paragraph">
<p>This permits the <code>ks_user</code> role to invoke methods on the MBean
representing a single table in <code>test_keyspace</code>, while granting the same
permission for all table level MBeans in that keyspace to the <code>ks_owner</code>
role.</p>
</div>
<div class="paragraph">
<p>Adding/removing roles and granting/revoking of permissions is handled
dynamically once the initial setup is complete, so no further restarts
are required if permissions are altered.</p>
</div>
<div class="paragraph">
<p>See also: <a href="../cql/security.html#permissions" class="page"><code>Permissions</code></a>.</p>
</div>
</div>
<div class="sect2">
<h3 id="jmx-with-ssl"><a class="anchor" href="#jmx-with-ssl"></a>JMX With SSL</h3>
<div class="paragraph">
<p>JMX SSL configuration is controlled by a number of system properties,
some of which are optional. To turn on SSL, edit the relevant lines in
<code>cassandra-env.sh</code> to uncomment and
set the values of these properties as required:</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1"><code>com.sun.management.jmxremote.ssl</code></dt>
<dd>
<p>set to true to enable SSL</p>
</dd>
<dt class="hdlist1"><code>com.sun.management.jmxremote.ssl.need.client.auth</code></dt>
<dd>
<p>set to true to enable validation of client certificates</p>
</dd>
<dt class="hdlist1"><code>com.sun.management.jmxremote.registry.ssl</code></dt>
<dd>
<p>enables SSL sockets for the RMI registry from which clients obtain the
JMX connector stub</p>
</dd>
<dt class="hdlist1"><code>com.sun.management.jmxremote.ssl.enabled.protocols</code></dt>
<dd>
<p>by default, the protocols supported by the JVM will be used, override
with a comma-separated list. Note that this is not usually necessary
and using the defaults is the preferred option.</p>
</dd>
<dt class="hdlist1"><code>com.sun.management.jmxremote.ssl.enabled.cipher.suites</code></dt>
<dd>
<p>by default, the cipher suites supported by the JVM will be used,
override with a comma-separated list. Note that this is not usually
necessary and using the defaults is the preferred option.</p>
</dd>
<dt class="hdlist1"><code>javax.net.ssl.keyStore</code></dt>
<dd>
<p>set the path on the local filesystem of the keystore containing server
private keys and public certificates</p>
</dd>
<dt class="hdlist1"><code>javax.net.ssl.keyStorePassword</code></dt>
<dd>
<p>set the password of the keystore file</p>
</dd>
<dt class="hdlist1"><code>javax.net.ssl.trustStore</code></dt>
<dd>
<p>if validation of client certificates is required, use this property to
specify the path of the truststore containing the public certificates
of trusted clients</p>
</dd>
<dt class="hdlist1"><code>javax.net.ssl.trustStorePassword</code></dt>
<dd>
<p>set the password of the truststore file</p>
</dd>
</dl>
</div>
<div class="paragraph">
<p>See also:
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html#gdemv">Oracle
Java7 Docs</a>,
<a href="https://www.lullabot.com/articles/monitor-java-with-jmx">Monitor Java
with JMX</a></p>
</div>
</div>
</div>
</div>
</article>
</main>
</div>
</div>
<footer class="grad grad--two flex-center pb-xlarge">
<div class="inner text-center z2 relative">
<h2 class="white py-small">Get started with Cassandra, fast.</h2>
<a id="footer-cta" href="/_/quickstart.html" class="btn btn--filled ma-medium">Quickstart Guide</a>
</div>
<div class="inner flex flex-distribute-items mt-xlarge z2 relative">
<div class="col-2">
<div id="footer-logo" class="logo logo--footer mb-medium"><img src="../../../../assets/img/logo-white-r.png" alt="Cassandra Logo"></div>
<p>Apache Cassandra<img src="../../../../assets/img/registered.svg" alt="®" style="width:18px;"> powers mission-critical deployments with improved performance and unparalleled levels of scale in the cloud.</p>
<div class="footer-social-icons">
<a href="https://twitter.com/cassandra?lang=en" target="_blank"><img src="../../../../assets/img/twitter-icon-circle-white.svg" alt="twitter icon" width="24"></a>
<a href="https://www.linkedin.com/company/apache-cassandra/" target="_blank"><img src="../../../../assets/img/LI-In-Bug.png" alt="linked-in icon" width="24"></a>
<a href="https://www.youtube.com/c/PlanetCassandra" target="_blank"><img src="../../../../assets/img/youtube-icon.png" alt="youtube icon" width="24"></a>
</div>
</div>
<div class="col-2 flex flex-center">
<ul class="columns-2">
<li class="mb-small"><a href="/">Home</a></li>
<li class="mb-small"><a href="/_/cassandra-basics.html">Cassandra Basics</a></li>
<li class="mb-small"><a href="/_/quickstart.html">Quickstart</a></li>
<li class="mb-small"><a href="/_/ecosystem.html">Ecosystem</a></li>
<li class="mb-small"><a href="/doc/latest/">Documentation</a></li>
<li class="mb-small"><a href="/_/community.html">Community</a></li>
<li class="mb-small"><a href="/_/case-studies.html">Case Studies</a></li>
<li class="mb-small"><a href="/_/resources.html">Resources</a></li>
<li class="mb-small"><a href="/_/blog.html">Blog</a></li>
</ul>
</div>
</div>
</footer>
<div class="lower-footer bg-white pa-medium">
<div class="flex flex-row flex-vert-center">
<div class="pr-medium"><img src="../../../../assets/img//feather-small.png" alt="ASF" width="20"></div>
<div class="pr-medium"><a href="http://www.apache.org/" target="_blank">Foundation</a></div>
<div class="pr-medium"><a href="https://www.apache.org/events/current-event.html" target="_blank">Events</a></div>
<div class="pr-medium"><a href="https://www.apache.org/licenses/" target="_blank">License</a></div>
<div class="pr-medium"><a href="https://www.apache.org/foundation/thanks" target="_blank">Thanks</a></div>
<div class="pr-medium"><a href="https://www.apache.org/security" target="_blank">Security</a></div>
<div class="pr-medium"><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="_blank">Privacy</a></div>
<div class="pr-medium"><a href="https://www.apache.org/foundation/sponsorship" target="_blank">Sponsorship</a></div>
</div>
<p class="my-medium">© 2009-<script>document.write(new Date().getFullYear())</script> <a href="https://apache.org" target="_blank">The Apache Software Foundation</a> under the terms of the Apache License 2.0. Apache, the Apache feather logo, Apache Cassandra, Cassandra, and the Cassandra logo, are either registered trademarks or trademarks of The Apache Software Foundation.</p>
</div>
<div id="fade" class="hidden"></div>
<div id="modal" class="hidden">
<div id="close-modal" class="cursor-pointer"><svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" stroke-width="2" fill="none" stroke-linecap="round" stroke-linejoin="round" class="css-i6dzq1"><line x1="18" y1="6" x2="6" y2="18"></line><line x1="6" y1="6" x2="18" y2="18"></line></svg></div>
<div id="mod-content" class="vid-mod-content resp-container"></div>
</div>
<script src="../../../../assets/js/site.js"></script>
<script async src="../../../../assets/js/vendor/highlight.js"></script>
<script src="../../../../assets/js/vendor/lunr.js"></script>
<script src="../../../../assets/js/vendor/search.js" id="search-script" data-base-path="../../../.." data-page-path="/Cassandra/4.1/cassandra/operating/security.html"></script>
<script async src="../../../../assets/../search-index.js"></script>
<script>
jQuery(function(){
var windowW = $(window).width();
$(document)
.on('click','.mobile-nav-icon',function(){
$('.main-nav').fadeIn();
})
.on('click','.main-nav',function(){
if(windowW <= 1000){
$(this).fadeOut();
}
})
.on('click','#version-toggle',function(){
$(this).toggleClass('active');
$(this).next().fadeToggle();
})
.on('click','#mobile-docs-nav-burger', function(){
$(this).toggleClass('active');
$('.docs-nav').toggleClass('active');
});
var url = window.location.pathname;
var isQuickstart = url.includes('quickstart.html');
if(isQuickstart){
var footerCTA = document.getElementById('footer-cta');
footerCTA.innerHTML = 'Get latest updates';
footerCTA.setAttribute('href', '/_/blog.html');
}
});
</script>
</div>
</body>
</html>