Why cassandra user need <all keyspaces> permission?

#1

Hi Team,

I am using Kong 0.11 with datastax cassandra. Kong was working fine till we were using it with community edition cassandra but as we moved, we started seeing this error User <xyz> has no CREATE permission on <all keyspaces> or any of its parents. Why does kong need permission on ? I have given right permission to kong keyspace that should be enough, isn’t it?

1 Like

#2

Let me start by saying that Kong 0.11 is a bit out of date and I recommend you upgrade your Kong version

Can you give us more context? Where are you seeing this error? Is it on the nginx error log, or is it while attempting to run kong migrate up?

0 Likes

#3

@amolp Hi, and welcome!

Kong will attempt to create the keyspace itself if it does not already exist, in which case it does need the CREATE permission on <all keyspaces>.

However, you can create the keyspace manually form an account that has such permissions, and Kong will not attempt to create it itself, simply use it.

Let us know if that works for you.

Cheers

0 Likes

#4

Hey @thibaultcha,

I already have a keyspace with all the permission on that keyspace except for CREATE on ALL KEYSPACES. So, does it need that permission or is there a way to avoid that too?

0 Likes