The cassandra-dev cluster is a 3-host, 6-instance Cassandra cluster in the production network. We use it to stage changes, both to environments (Cassandra, JVM, etc), and services (sessionstore, echo last-modified timestamps, page content service, etc). For its role in the latter, it makes sense that we provide developer access via cqlsh.
I propose we accomplish this by following examples set in modules/admin/data/data.yaml, with a group and corresponding sudo privileges. The sudoers rule would allow the invocation of cqlsh, either directly, or via a wrapper.
Database credentials can be templated to ~/.cassandra/credentials (cqlsh defaults to reading them from here). I propose that we create a database user/role for this purpose, and that the grants (full set of grants TBD) be applied to all tables (meaning that everyone added to the group would have the same access, to all tables).
TBD: Create a dedicated system user for this? Use the cassandra user?