Permission issue in cassandra

Question

For A user in cassandra I got permission using following command:

PRICINGUSR@cqlsh:system> LIST ALL PERMISSIONS OF PRICINGUSR;

 username   | resource           | permission
------------+--------------------+------------
 PRICINGUSR | <keyspace pricing> |     CREATE
 PRICINGUSR | <keyspace pricing> |      ALTER
 PRICINGUSR | <keyspace pricing> |       DROP
 PRICINGUSR | <keyspace pricing> |     SELECT
 PRICINGUSR | <keyspace pricing> |     MODIFY
 PRICINGUSR | <keyspace pricing> |  AUTHORIZE

Note: There are no permission for system keyspace.

But When I query tables of system keyspace for some I get response and for some I don't.

PRICINGUSR@cqlsh:system> Select * from system.schema_keyspaces limit 1;

 keyspace_name | durable_writes | strategy_class                                       | strategy_options
---------------+----------------+------------------------------------------------------+------------------
        ccw_pd |           True | org.apache.cassandra.locator.NetworkTopologyStrategy |      {"DC1":"3"}

(1 rows)
PRICINGUSR@cqlsh:system> Select * from system.size_estimates limit 1;
Unauthorized: code=2100 [Unauthorized] message="User PRICINGUSR has no SELECT permission on <table system.size_estimates> or any of its parents"
PRICINGUSR@cqlsh:system> Select * from system.schema_usertypes limit 1;

 keyspace_name | type_name | field_names | field_types
---------------+-----------+-------------+-------------

(0 rows)
PRICINGUSR@cqlsh:system>

I am using DSE 4.8.1

Answer 1

Cassandra maintains a set of READABLE_SYSTEM_RESOURCES that can be read regardless of permissions. This is necessary to allow Cassandra to manage user resources without having to have permissions granted to every user. The tables included in this list are:

• system.local
• system.peers
• system.schema_keyspaces
• system.schema_columnfamilies
• system.schema_columns
• system.schema_triggers
• system.schema_usertypes

The above list applies to Cassandra 2.1 only used in DSE 4.8