Reputation: 33
Any reason not dropping cassandra default user?
Most of the online guides give advice how to alter the password of the default cassandra user and create another admin for better security. Is there any reason to keep cassandra role if another superuser is created and used for all purposes?
I created a new admin user:
CREATE ROLE priam WITH PASSWORD = 'somepass' AND LOGIN = true AND SUPERUSER = true;
and deleted the default one:
drop role cassandra;
Seems that everything still works :) or not?
Upvotes: 0
Views: 493
Answers (2)
Reputation: 87224
The biggest problem with built-in cassandra user is that the QUORUM consistency level is used when accessing its data. This means, if you lose several nodes, you have a big chance not be able to login with this user if you want to perform some action.
You can leave the cassandra user, but you must change its password, and because it's still exist, it's an additional security risk.
So it's better to use a new super user and drop cassandra.
Upvotes: 1
Reputation: 33
Here they say that you can also drop the account after you create another with superuser rights.
also here:
https://www.allcode.com/remove-the-user-cassandra-from-datastaxapache-cassandra-installations/
Upvotes: 0
Related Questions
- Does Cassandra 2.0.6 not support ROLE in cqlsh?
- What's the procedure to change password for default cassandra user?
- cassandra - only superuser is allowed to perform CREATE USER queries
- lost cassandra authentication user after adding a new node
- Cassandra (CQL) RoleManager disable
- Cassandra can not delete role or user which in the role or user list
- Cassandra default column value cqlsh
- How do you create the first user in Cassandra DB
- How to reset Cassandra superuser, when Cassandra does not know 'cassandra' default user?
- How do you login, check your user account and execute queries as a specific user in Cassandra?