Appendix B. Authentication and Authorization
In our interactions with Cassandra in this book, we haven't concerned ourselves with authentication or authorization; whenever we connect to our local Cassandra instance, we're not required to provide any credentials, and there have been no restrictions on what kind of operations we've been able to perform. This is the default configuration for a Cassandra cluster and works well in many scenarios, in particular where network access to the machines running Cassandra is tightly controlled.
In some scenarios, however, it's useful to be able to control access to Cassandra at the database level itself—for instance, when a cluster is shared between multiple tenants or where a large organization needs to restrict access to sensitive data to certain departments or individuals.
For these scenarios, Cassandra does offer a full suite of authentication and authorization functionality; accounts and permissions are configured...