I'm trying to find any documentation which would state the permission needed to create a new keyspace. I would assume ONLY a role with superuser = true is allowed to create new Keyspaces?
We would like to limit access so one user can not see other keyspaces but still be able to create new keyspaces.
What's the best approach here?
Not sure if any of these 2 points above is possible. Thanks for any input.
So the first scenario isn't possible. A super user is a user that cannot be limited.
The second one though, sort of is:
GRANT CREATE ON ALL KEYSPACES TO keyspace_creator;
Granting CREATE permissions on ALL KEYSPACES is the only way to grant keyspace creation. Just remember that it also grants table creation (within ALL keyspaces), as well as SELECT and MODIFY on tables they have created.
They can still "see" and describe other keyspaces and tables. But that user cannot access (SELECT) any tables that they have not been explicitly granted access to or did not create themselves.
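The grant described in the answer above, walked through as a cqlsh session. This is an added example, not part of the original answer. It assumes cassandra.yaml enables PasswordAuthenticator and CassandraAuthorizer; the password and the names team_a, other_ks and some_table are hypothetical placeholders.

```cql
-- Part 1: run as an existing superuser.
-- Create a login role that is explicitly NOT a superuser.
CREATE ROLE keyspace_creator
  WITH PASSWORD = 'replace-with-a-real-secret'
  AND LOGIN = true
  AND SUPERUSER = false;

-- The only permission that allows CREATE KEYSPACE.
GRANT CREATE ON ALL KEYSPACES TO keyspace_creator;

-- Review what the role holds before handing it out.
-- At this point it should show only CREATE on all keyspaces.
LIST ALL PERMISSIONS OF keyspace_creator;

-- Part 2: run as keyspace_creator.
-- Creating a keyspace and a table inside it is allowed.
CREATE KEYSPACE team_a
  WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1};
CREATE TABLE team_a.events (id uuid PRIMARY KEY, body text);

-- The creator can read and write the table it created.
INSERT INTO team_a.events (id, body) VALUES (uuid(), 'ok');
SELECT * FROM team_a.events;

-- Schema of other keyspaces is still visible (cqlsh command).
DESCRIBE KEYSPACES;

-- Data in a table the role did not create and was not granted
-- SELECT on is rejected as unauthorized.
SELECT * FROM other_ks.some_table;

-- Caveat: CREATE on ALL KEYSPACES also permits creating tables
-- inside keyspaces owned by someone else.
CREATE TABLE other_ks.created_by_outsider (id uuid PRIMARY KEY);

-- Part 3: run as the superuser again.
-- Re-check the role: it now also holds permissions on the
-- keyspace and tables it created.
LIST ALL PERMISSIONS OF keyspace_creator;
```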