This is an automated email from the ASF dual-hosted git repository. brads pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit e1699eb3a2c28362716943a7fc8a4a6299a515b7 Merge: 9c8ab8809d 756af29b7a Author: Brad Schoening <[email protected]> AuthorDate: Mon Dec 15 23:06:02 2025 -0500 Update and syncronize cql_singlefile.adoc with CQL.textile updates patch by Brad Schoening; reviewed by Jyothsna Konisa for CASSANDRA-20405 .../examples/BNF/alter_role_statement.bnf | 13 +- .../examples/BNF/alter_user_statement.bnf | 8 +- .../examples/BNF/create_role_statement.bnf | 15 +- .../examples/BNF/create_user_statement.bnf | 10 +- doc/modules/cassandra/examples/CQL/alter_role.cql | 5 +- doc/modules/cassandra/examples/CQL/create_role.cql | 5 +- doc/modules/cassandra/examples/CQL/create_user.cql | 1 + .../cassandra/examples/CQL/create_user_role.cql | 4 +- .../cassandra/examples/CQL/select_range.cql | 2 +- .../pages/developing/cql/cql_singlefile.adoc | 862 +-------------------- .../cassandra/pages/developing/cql/security.adoc | 57 +- 11 files changed, 105 insertions(+), 877 deletions(-) diff --cc doc/modules/cassandra/pages/developing/cql/security.adoc index 99b6d44434,f34d391040..208dfd383a --- a/doc/modules/cassandra/pages/developing/cql/security.adoc +++ b/doc/modules/cassandra/pages/developing/cql/security.adoc @@@ -167,11 -167,11 +167,11 @@@ used and the role does not exist the st DROP ROLE intentionally does not terminate any open user sessions. Currently connected sessions will remain connected and will retain the ability to perform any database actions which do not require - xref:cassandra:developing/cql/security.adoc#authorization[authorization]. + xref:cassandra:managing/operating/authorization/security.adoc#authorization[authorization]. However, if authorization is enabled, xref:cassandra:developing/cql/security.adoc#cql-permissions[permissions] of the dropped role are also revoked, - subject to the xref:cassandra:developing/cql/security.adoc#auth-caching[caching options] configured in xref:cassandra:developing/cql/configuring.adoc#cassandra.yaml[cassandra-yaml] file. + subject to the xref:cassandra:managing/operating/security.adoc#auth-caching[caching options] configured in xref:cassandra:developing/cql/configuring.adoc#cassandra.yaml[cassandra-yaml] file. Should a dropped role be subsequently recreated and have new xref:security.adoc#grant-permission-statement[permissions] or -xref:security.adoc#grant-role-statement[roles]` granted to it, any client sessions still +xref:security.adoc#grant-role-statement[roles] granted to it, any client sessions still connected will acquire the newly granted permissions and roles. ==== @@@ -344,8 -344,61 +344,61 @@@ Existing users can be listed using the include::cassandra:example$BNF/list_users_statement.bnf[] ---- -Note that this statement is equivalent to xref:security.adoc#list-roles-statement[`LIST ROLES], but only roles with the `LOGIN` privilege are included in the output. +Note that this statement is equivalent to xref:security.adoc#list-roles-statement[LIST ROLES], but only roles with the `LOGIN` privilege are included in the output. + [[databaseIdentity]] + === Database Identities + + [[AddIdentityStmt]] + ==== ADD IDENTITY + + _Syntax:_ + + [source,bnf] + ::= ADD IDENTITY [ IF NOT EXISTS ] id_name TO ROLE role_name + + _Sample:_ + + [source,sql] + ADD IDENTITY 'id1' TO ROLE 'role1'; + + Only a user with privileges to add roles can add identities. + + Role names & Identity names should be quoted if they contain non-alphanumeric characters. + + [[addIdentityConditional]] + ===== Adding an identity conditionally + + Attempting to add an existing identity results in an invalid query + condition unless the `IF NOT EXISTS` option is used. If the option is + used and the identity exists, the statement is a no-op. + + [source,sql] + ADD IDENTITY [ IF NOT EXISTS ] 'id1' TO ROLE 'role1'; + + [[dropIdentityStmt]] + ==== DROP IDENTITY + + _Syntax:_ + + [source,bnf] + ::= DROP IDENTITY [ IF EXISTS ] + + _Sample:_ + + [source,sql] + ---- + DROP IDENTITY 'testIdentity'; + DROP IDENTITY IF EXISTS 'testIdentity'; + ---- + + Only a user with privileges to drop roles can remove identities + + Attempting to drop an identity which does not exist results in an invalid + query condition unless the `IF EXISTS` option is used. If the option is + used and the identity does not exist the statement is a no-op. + + [[dataControl]] == Data Control [[cql-permissions]] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
