# Security and Permissions ## SQL Permissions The Spark user must have access to the SingleStore Helios workspace. Additionally, SingleStore has a [Permissions Matrix](https://docs.singlestore.com/cloud/reference/sql-reference/security-management-commands/permissions-matrix.md) which describes the permissions required to run each command. To perform any SQL operations through the SingleStore Spark Connector, you should have different permissions for different types of operations. The following matrix describes the minimum permissions required to perform some operations. The `ALL PRIVILEGES` permission allows you to perform any operation. | Operation | Min. Permission | Alternative Permission | | ------------------------------ | ------------------------ | ---------------------- | | `READ`from collection | `SELECT` | `ALL PRIVILEGES` | | `WRITE`to collection | `SELECT, INSERT` | `ALL PRIVILEGES` | | `DROP`database or collection | `SELECT, INSERT, DROP` | `ALL PRIVILEGES` | | `CREATE`database or collection | `SELECT, INSERT, CREATE` | `ALL PRIVILEGES` | ## SSL Support The SingleStore Spark Connector uses the SingleStore JDBC Driver under the hood and thus supports SSL configuration out of the box. Once you have setup SSL on your server, use the following options to enable SSL: ```scala spark.conf.set("spark.datasource.singlestore.useSSL", "true") spark.conf.set("spark.datasource.singlestore.serverSslCert", "PATH/TO/CERT") ``` **Note:** The `serverSslCert` option may be server’s certificate in DER form, or the server’s CA certificate. It can be used in one of the following three forms: * Full path to certificate: `serverSslCert=/path/to/cert.pem` * Relative to current classpath: `serverSslCert=classpath:relative/cert.pem` * Verbatim DER-encoded certificate string: `------BEGIN CERTIFICATE-----...` Depending on your SSL configuration, set these additional options: ```scala spark.conf.set("spark.datasource.singlestore.trustServerCertificate", "true") spark.conf.set("spark.datasource.singlestore.disableSslHostnameVerification", "true") ``` See [The SingleStore JDBC Driver](https://docs.singlestore.com/cloud/developer-resources/connect-with-application-development-tools/connect-with-java-jdbc/the-singlestore-jdbc-driver.md) for more information. If you are still using the MariaDB JDBC driver, see [MariaDB JDBC Connector](https://mariadb.com/kb/en/about-mariadb-connector-j/#tls-parameters) for more information. ## Authenticate via JWTs To authenticate your connection to a SingleStore Helios workspace using the SingleStore Spark connector with a JWT, specify the following parameters: * `credentialType=JWT` * `password=` > **📝 Note**: To authenticate your connection to the SingleStore workspace using JWTs, the SingleStore user must connect via SSL and use JWT for authentication. To create a SingleStore user that can authenticate with a JWT, execute the following command:```sql > CREATE USER 'email@example.com'@'%' IDENTIFIED WITH authentication_jwt REQUIRE SSL; > ``` See [Authenticate via JWT](https://docs.singlestore.com/cloud/security/database-access/authenticate-via-jwt.md) for more information. *** Modified at: May 3, 2023 Source: [/cloud/load-data/integrate-with-singlestore-helios/load-data-from-spark/security-and-permissions/](https://docs.singlestore.com/cloud/load-data/integrate-with-singlestore-helios/load-data-from-spark/security-and-permissions/) (An index of the documentation is available at /llms.txt)