I recently updated my cassandra dev cluster to v2.2.2 which includes RoleManager support. I noticed recently that when creating a new user via CQL:
CREATE ROLE abc WITH PASSWORD = 'abcde' AND LOGIN = true;
or
CREATE USER abc WITH PASSWORD 'abcde';
In either case, after executing the above command the user cannot login. Inspecting the system_auth keyspace, I can see that a 'row' is written in the roles table but not in credentials or users.
If I manually insert the appropriate row into credentials and users, then and only then can my user login.
Note also that I cannot DROP the user 'abc' until the row has been manually inserted into credentials and users.
What's going on here - am I mis-using CREATE USER / CREATE ROLE? It seems to me that the CREATE operation should do the necessary setup. Or has the upgrade migration failed in some subtle way?
If the upgrade migration process completed successfully then you should see the following entries in the logs:
Completed conversion of legacy users
Completed conversion of legacy credentials
If this is the case then you need to manually drop the legacy tables with:
DROP TABLE system_auth.users;
DROP TABLE system_auth.credentials;
This comes from this blog. Cassandra will continue to use the legacy tables until they are dropped.