Database Administration
permissions cassandra
Updated Thu, 16 Jun 2022 21:21:37 GMT

Apache Cassandra INSERT-only permissions

Looking at the Cassandra documentation, it appears that the smallest write-only permission on a table you can grant is MODIFY, which includes UPDATE, DELETE and TRUNCATE.

Is there a proper way to restrict this further to ONLY grant INSERT and no other permission, ideally for the user/role itself, without requiring further logic application side?

I would like for ONLY the DBA to have the ability to alter data in a table, the application user should have INSERT-only rights.

If it's not possible using the permission model only, could triggers be the answer and are there known drawbacks for this approach?


No, there is no such way right now because it's how the Cassandra works.

INSERTS in Cassandra are really upserts, so if you insert data with the same primary key, then they are modified, like you do with UPDATE. And similarly, if you insert null values, then you're deleting the data.