Looking at the Cassandra documentation, it appears that the smallest write-only permission on a table you can grant is MODIFY, which includes UPDATE, DELETE and TRUNCATE.
Is there a proper way to restrict this further to ONLY grant INSERT and no other permission, ideally for the user/role itself, without requiring further logic application side?
I would like for ONLY the DBA to have the ability to alter data in a table, the application user should have INSERT-only rights.
If it's not possible using the permission model only, could triggers be the answer and are there known drawbacks for this approach?
Best Answer
No, there is no such way right now because it's how the Cassandra works.
INSERTS
in Cassandra are really upserts, so if you insert data with the same primary key, then they are modified, like you do withUPDATE
. And similarly, if you insertnull
values, then you're deleting the data.