# Cassandra ### Overview The Veza integration for Apache Cassandra enables discovery of roles, keyspaces, tables, and permissions. Veza connects to your Cassandra deployment to collect authorization metadata, and creates graph entities to model principals and resources within the open source NoSQL distributed database. After enabling the integration, you can use this information to: * Understand and visualize which roles can interact with specific tables and keyspaces in Cassandra. * Create rules to trigger downstream actions when Cassandra entities are added, removed, or modified. * Map external identities within your identity provider to Cassandra roles they can assume via SSO. This document provides the requirements and steps to configure the integration. See [Notes and Supported Entities](#notes-and-supported-entities) for more details about the metadata collected by Veza. ### Configuring Apache Cassandra #### Requirements * To support the roles and permission grants described in this document, the following configurations are required in your `cassandra.yaml` file: * `authenticator: PasswordAuthenticator` * `authorizer: CassandraAuthorizer` * An external [Insight Point](/4yItIzMvkpAvMVFAamTf/integrations/connectivity/insight-point.md) is recommended for secure communication with the Cassandra host in production environments. You can use the internal Insight Point for testing. #### Commands to Create a Role with Minimal Permissions 1. Log in to the Cassandra database as a superuser, or as a user with permission to create roles. 2. Run the following commands to create a new role using password authentication. Replace and with actual values: ```sql CREATE ROLE WITH PASSWORD = AND LOGIN = true; GRANT SELECT ON system_schema.keyspaces TO ; GRANT SELECT ON system_schema.tables TO ; GRANT SELECT ON system_auth.roles TO ; GRANT SELECT ON system_auth.role_permissions TO ; ``` For more details on creating a role, see [Security](https://cassandra.apache.org/doc/4.1/cassandra/operating/security.html) in the official Cassandra documentation. ### Configuring Apache Cassandra on the Veza Platform To configure the integration in Veza: 1. In Veza, go to the **Integrations** page. 2. Click *Add Integration* and search for Apache Cassandra. Select it and click **Next** to open the configuration editor. 3. Enter the required information. 4. Click *Create Integration* to save the configuration. | Field | Notes | | ------------- | ----------------------------------------------------------------------------------- | | Name | A friendly name to identify the unique integration. | | Insight Point | Choose whether to connect using the default data plane or a deployed Insight Point. | | Host | IP address of the Cassandra host. | | Port | Port to use for the connection. | | Username | Integration role password. | | Password | Integration role name. | ### Notes and Supported Entities #### Cassandra Database The primary container for all roles and keyspaces. A database serves as the top-level organizational unit within Cassandra, holding the structures necessary for data storage and access control. #### Cassandra Role A role in Cassandra represents a set of permissions that can be granted to perform various operations on the database. * Unlike traditional user accounts, Cassandra uses roles to define access control, with each role potentially inheriting permissions from other roles. * Roles are hierarchical; assigning one role to another allows the grantee to inherit the permissions of the granted role. * Login capabilities are not inherited and must be explicitly assigned. * Roles can have `superuser` status, granting them unrestricted access to all operations within Cassandra. This status can be inherited by other roles. | Role Attributes | | | --------------- | -------------------------------------------------------------------------------------------------------------- | | Can Login | True if the role is allowed to log in. | | Is Superuser | True if the role has superuser privileges. | | Has Password | True if the role has a password set. | | Identity Type | Veza sets this field to "Human" by default. You can add enrichment rules to mark certain roles as "Non-Human." | | Is Active | Veza sets this field to "True" by default. | #### Cassandra Role Effective Permission Represents the cumulative permissions that a role has, either directly assigned or inherited from other roles. These permissions dictate what actions the role can perform on the Cassandra Database or on other roles. #### Cassandra Table Effective Permission Represents the permissions that govern access to specific tables and keyspaces. These permissions determine what operations a role can perform on data stored within the tables of a keyspace, such as reading or modifying the data. #### Cassandra Keyspace A keyspace is a namespace that contains tables in Cassandra. It is a logical grouping that helps organize data within the database, defining attributes such as replication strategies and the number of replicas for data stored in the tables it contains. #### Cassandra Table A table is a collection of data organized into rows and columns, similar to a table in a relational database. Tables reside within a keyspace and store the actual data within the Cassandra database. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/cassandra.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.