• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Astra DB Classic Documentation

    • Overview
      • Release notes
      • Astra DB FAQs
      • Astra DB glossary
      • Get support
    • Getting Started
      • Grant a user access
      • Load and retrieve data
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
      • Connect a driver
      • Build sample apps
      • Use integrations
    • Planning
      • Plan options
      • Database regions
    • Securing
      • Security highlights
      • Security guidelines
      • Default user permissions
      • Change your password
      • Reset your password
      • Authentication and Authorization
      • Astra DB Plugin for HashiCorp Vault
    • Connecting
      • Connecting to a VPC
      • Connecting Change Data Capture (CDC)
      • Connecting CQL console
      • Connect the Spark Cassandra Connector to Astra
      • Drivers for Astra DB
        • Connecting C++ driver
        • Connecting C# driver
        • Connecting Java driver
        • Connecting Node.js driver
        • Connecting Python driver
        • Connecting Legacy drivers
        • Drivers retry policies
      • Get Secure Connect Bundle
    • Migrating
      • Components
      • FAQs
      • Preliminary steps
        • Feasibility checks
        • Deployment and infrastructure considerations
        • Create target environment for migration
        • Understand rollback options
      • Phase 1: Deploy ZDM Proxy and connect client applications
        • Set up the ZDM Proxy Automation with ZDM Utility
        • Deploy the ZDM Proxy and monitoring
        • Configure Transport Layer Security
        • Connect client applications to ZDM Proxy
        • Leverage metrics provided by ZDM Proxy
        • Manage your ZDM Proxy instances
      • Phase 2: Migrate and validate data
      • Phase 3: Enable asynchronous dual reads
      • Phase 4: Change read routing to Target
      • Phase 5: Connect client applications directly to Target
      • Troubleshooting
        • Troubleshooting tips
        • Troubleshooting scenarios
      • Glossary
      • Contribution guidelines
      • Release Notes
    • Managing
      • Managing your organization
        • User permissions
        • Pricing and billing
        • Audit Logs
        • Bring Your Own Key
          • BYOK AWS DevOps API
        • Configuring SSO
          • Configure SSO for Microsoft Azure AD
          • Configure SSO for Okta
          • Configure SSO for OneLogin
      • Managing your database
        • Create your database
        • View your databases
        • Database statuses
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
        • Monitor your databases
        • Manage multiple keyspaces
        • Using multiple regions
        • Terminate your database
        • Resize your classic database
        • Park your classic database
        • Unpark your classic database
      • Managing with DevOps API
        • Managing database lifecycle
        • Managing roles
        • Managing users
        • Managing tokens
        • Managing multiple regions
        • Get private endpoints
        • AWS PrivateLink
        • Azure PrivateLink
        • GCP Private Service
    • Astra CLI
    • Developing with Stargate APIs
      • Develop with REST
      • Develop with Document
      • Develop with GraphQL
        • Develop with GraphQL (CQL-first)
        • Develop with GraphQL (Schema-first)
      • Develop with gRPC
        • gRPC Rust client
        • gRPC Go client
        • gRPC Node.js client
        • gRPC Java client
      • Develop with CQL
      • Tooling Resources
      • Node.js Document API client
      • Node.js REST API client
    • Stargate QuickStarts
      • Document API QuickStart
      • REST API QuickStart
      • GraphQL API CQL-first QuickStart
    • API References
      • DevOps REST API v2
      • Stargate Document API v2
      • Stargate REST API v2
  • DataStax Astra DB Classic Documentation
  • Getting Started
  • Grant a user access

Grant a user access

This quick start will help you grant access to a user for your DataStax Astra DB database with ease.

Here are the basic steps:

  1. Create your Astra DB account.

  2. Create your organization.

  3. Optional: Create a custom role with unique permissions.

  4. Assign a role to a user.

  5. Generate an application token.

If you are using a classic database that was created before 4 March 2021 and has not been migrated to the newest authentication, you cannot use application tokens for authentication. For more, see Authentication for classic databases.

Create your organization

  1. Open your Astra Portal and click the Organizations dropdown.

    1500
  2. Select the Organization dropdown and select Manage Organizations.

  3. Select + Add Organization. The Add Organization window opens.

    • Enter the name and email address for your new organization.

    • Select Add to add the new organization.

The organization is added to the list. An email is sent to the email address entered for the organization owner.

Optional: Create a custom role with unique permissions

You don’t have to create custom roles to assign permissions to users. Custom permissions allow you to grant specific permissions to specific databases and keyspaces. For more, see Manage custom user roles and User permissions.

You can also create custom roles using the DevOps API.

  1. In Astra Portal, select the organization in the left navigation to add a custom role.

  2. Select Settings.

  3. Select Role Management and then Add Custom Role.

  4. Enter the name you want to use for your custom role. This name should help you easily identify when you want to assign this role to users.

  5. Select the Organization, Keyspace, Table, and API permissions you want to assign to your custom role.

    If you want users with this role to be able to see the Astra DB user interface, make sure you select Read User and View DB permissions.

  6. To apply your selected permissions to specific databases or keyspaces, toggle the switch to not apply the permissions to all databases in an organization. Then select the specific databases or keyspaces to which you want to apply the permissions.

  7. Once you have selected your permissions, select Create Role.

Assign a role to a user

  1. In Astra Portal, select Settings in the left navigation.

    1500
  2. Select User Management and then Invite User.

  3. Enter the email address for the user you want to invite for the specific user role. If adding multiple users, separate the email addresses with commas, spaces, or line breaks.

  4. Select the user role(s) for the user(s) you are inviting. Multiple roles are available within each group of roles for Organization Access, Database, Keyspace, or Table Access, and API Access.

  5. Select Invite Users to send email invitations to the users at their email address.

Invited users are listed as pending until they accept the invitation to join your organization.

Generate an application token

You can also create an application token using the DevOps API.

  1. In Astra Portal, select Settings in the left navigation.

    1500
  2. Select Token Management.

  3. Click the dropdown arrow to select the role you want to attach to your token. The permissions for your selected role are displayed.

  4. Select Generate Token. Astra DB generates your token and displays the Client ID, Client Secret, and Token.

  5. Download your Client ID, Client Secret, and Token.

After you navigate away from the page, you won’t be able to download your Client ID, Client Secret, and Token again. These tokens do not automatically expire, but can be destroyed in case they are compromised or no longer needed.

What’s next?

You can now use your token to connect to the Astra DB APIs. See more about the available APIs:

  • Document API

  • REST API

  • GraphQL CQL first API

  • GraphQL Schema first API

  • DevOps API

You can use your Client ID and Client Secret to connect to your database. See more about the available connection options:

  • Standalone CQL shell

  • Connecting C++ driver

  • Connecting C# driver

  • Connecting Java driver

  • Connecting Node.js driver

  • Connecting Python driver

  • Connecting Legacy drivers

Getting Started Load and retrieve data

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage