I want to be able to create multiple users on my Cassandra app such that a user can only access specific databases. I've tried following the official docs of DataStax to create users. However, cosmosdB doesn't let me add users or even LIST USERS as it gives a No Host Available error. I've tried altering the system_auth keyspace to change the replication strategy as mentioned in this thread but to no avail. Gives me message="system_auth keyspace is not user-modifiable."
How can I use the Database Users feature of Cassandra on CosmosDB?
What alternatives do I have to create logins such that a user is only able to access a specific keyspace
Azure Cosmos DB for Apache Cassandra (the product) is not a true Cassandra cluster. Instead, Cosmos DB provides an API that is CQL compliant so you can connect to Cosmos DB using Cassandra drivers.
There are limits to what Cosmos DB's API can provide and there are several Cassandra features which are not supported which include (but not limited to) the following CQL commands:
CREATE ROLE
CREATE USER
LIST ROLES
LIST USERS
From what I understand, Cosmos DB uses role-based access control (RBAC) and you'll need to provision access to your DB using the Azure portal.
Cosmos DB also does not provide support for Cassandra permissions so you will not be able to grant granular permissions in the same way that you would in a traditional Cassandra cluster.
For more information, see Apache Cassandra features supported by Azure Cosmos DB. Cheers!
Related
I am trying to understand the differences between the new CockroackDB and other distributed SQL databases as compared to a cloud-managed database like Azure SQL Database.
It seems there is no difference in the use cases between them:
Like various NOSQL databases SQL (in general) allows partitioning keys.
I can add cores in Azure to increase the performance as needed, I can also switch to Hyper-scale if I have an elastic workload.
I can have read replication across multiple nodes over multiple availability zones (geo-locations)
I can configure data replication in Azure SQL Database too.
It seems to me that a cloud SQL database covers all the use cases the newer distributed databases cover, so why would I want to use a newer product ?
Isn't Azure SQL Database basically a distributed database server ?
Am I missing something ?
Is Azure SQL Server a Distributed SQL database?
No.
Like various NOSQL databases SQL (in general) allows partitioning keys.
Partitioning in NoSQL databases like Cassandra (and Azure Table Storage) is about distributing partitions to physically distinct nodes, and requires rows to have an explicitly set partition-key value.
Cassandra nodes are physically different machines that can run independently, which gives it excellent resiliency.
Partitioning in SQL Server, Azure SQL, and Azure SQL Managed Instance is about dividing data up into row-groups that exist in the same server for performance, not resiliency.
On on-prem MS SQL Server, these row-groups (well, partitions) can exist in different FILEGROUPs, which means they can exist in different storage volumes to avoid IO bottlenecks, but Azure SQL does not support multiple FILEGROUPs.
The benefits of implementing partitioning, including on Azure SQL, are documented online - and the article explains how it's about performance, not resilience.
I can add cores in Azure to increase the performance as needed, I can also switch to Hyper-scale if I have an elastic workload.
This fact has absolutely nothing to do with distributed databases.
I can have read replication across multiple nodes over multiple availability zones (geo-locations).
I can configure data replication in Azure SQL Database too.
Replication isn't the same thing as a true distributed database:
In Cassandra and other distributed databases, all clients can connect to all nodes and accomplish the same tasks; and you can arbitrarily add and remove nodes while the system is running.
In SQL Server and Azure SQL's replication feature, the replica is strictly a "secondary" that is subordinate to your primary server.
Clients can connect to either the secondary or the primary, but the secondary server can only perform read-only queries, whereas if a client wants to do DML (INSERT/UPDATE/DELETE/MERGE) or DDL (CREATE/ALTER) then the client must connect to the primary server.
It seems to me that a cloud SQL database covers all the use cases the newer distributed databases cover, so why would I want to use a newer product?
It can't: because Azure SQL is not a distributed database it cannot allow any client to read and write to any node or endpoint and have that change replicated to all other nodes (using an eventual consistency model). Instead, Azure SQL requires writes to be performed by the single primary "server".
Note that an Azure SQL "server" or logical server is largely an abstraction that hides what Azure SQL really is: a distinct build of SQL Server's engine that runs in a high-availability Azure Service Fabric environment (which is how cores/RAM can be added and removed while it's running and provides for some kind of local resilience against hardware failure) in a single Azure datacenter.
In Azure SQL I can query what temp tables currently exist by using the query -
select * from tempdb.sys.tables;
However, I am not able to find who created these. Surely there must be a simple way to find out who created these temp tables! There are links which suggest things, but all of that works on SQL Server, not Azure SQL.
Permissions
Any user can create temporary objects in tempdb. Users can
access only their own objects, unless they receive additional
permissions. It's possible to revoke the connect permission to tempdb
to prevent a user from using tempdb. We don't recommend it because
some routine operations require the use of tempdb.
The tempdb system database is a global resource that's available to all users connected to the instance of SQL Server or connected to Azure SQL Database.
By default, server admin, database owner or a user with required permission can access the tables of tempdb.
This official article on tempdb database is related to Azure SQL Database. Please go thorugh for more details and better understanding.
How can I enable replication in snowflake database using terraform ?
I am using chanzuckerberg snowfalke provider in terraform and was able to create the DB/SCHEMA/Warehouse/Tables/shares but I am not able to find the option to enable the database replication through terraform.
or Is there a way to enable run alter command on snowflake DB to enable the replication using terraform.
like :- alter database ${var.var_database_name} enable replication to accounts ${var.var_account_name};
You first have to enable replication for your organization. There are two ways to do this. One option is to open a case with Snowflake Support. Another option is to use the Organizations feature. If you do not have the Organization feature enabled, you will need to open a case with Support to enable it. If you do have the Organizations feature, you will have at least one person in your organization who has the ORGADMIN role.
That person will need to follow these steps: https://docs.snowflake.com/en/user-guide/database-replication-config.html#prerequisite-enable-replication-for-your-accounts
Once the accounts are enabled for replication, you can use SQL statements (orchestrated from Terraform or elsewhere) to promote a local database to the primary in a replication group: https://docs.snowflake.com/en/user-guide/database-replication-config.html#promoting-a-local-database
After you then get secondary databases, you can run a single line of SQL on the secondary DB's account to initiate replication: alter database <DB_NAME> refresh;
I want to connect a Read-Only replica for reporting purpose in Azure SQL managed instance. For this, I tried to add an ApplicationIntent=ReadOnly parameter.
But it is still it not connecting the Read-Only replica. So is there any configuration required to connect Read-Only replica in Azure MI?
Azure SQLMI Business critical service tier has Built-in additional read-only database replica that can be used for reporting and other read-only workloads similar to azure sql database premium tier. It is enabled by default no user action required. You need to use 'ApplicationIntent=ReadOnly' flag to access internal replica.
Azure support the replica feature , please see this tutorial Configure replication in an Azure SQL Database managed instance database.
But for ApplicationIntent=ReadOnly, it's not supported or applies to in Azure SQL managed instance.
You can reference this document: SQL Server Native Client Support for High Availability, Disaster Recovery.
Hope this helps.
what is the best way to limit latency for SQL Azure in global applications?
My Application uses SQL Azure and would like to know based on the network location of users if its possible to connect SQL Azure near to users.
So Logically would need to have SQL Azure database with global replication but not geo-replication as each copy would serve as Master and not secondary.
Thank you in advance.
You may want to try CosmosDB to distribute data globally and obtain low latency as explained on this article and this documentation.
For replicating data using SQL Data Sync with Azure SQL Database, take in consideration paired regions which may reduce latency. With SQL Data Sync a hub database can be defined and many member database on another region, and data can be synched on both ways between the hub and any member database.