• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Astra DB Classic Documentation

    • Overview
      • Release notes
      • Astra DB FAQs
      • CQL for Astra
      • Astra DB glossary
      • Get support
    • Getting Started
      • Create your database
      • Grant a user access
      • Load and retrieve data
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
      • Connect a driver
      • Build sample apps
      • Use integrations
    • Planning
      • Plan options
      • Database regions
    • Securing
      • Security highlights
      • Security guidelines
      • Default user permissions
      • Change your password
      • Reset your password
      • Authentication and Authorization
      • Astra DB Plugin for HashiCorp Vault
    • Connecting
      • Connecting to a VPC
      • Connecting Change Data Capture (CDC)
      • Connecting CQL console
      • Connect the Spark Cassandra Connector to Astra
      • Drivers for Astra DB
        • Connecting C++ driver
        • Connecting C# driver
        • Connecting Java driver
        • Connecting Node.js driver
        • Connecting Python driver
        • Connecting Legacy drivers
        • Drivers retry policies
      • Get Secure Connect Bundle
    • Migrating
      • Components
      • FAQs
      • Preliminary steps
        • Feasibility checks
        • Deployment and infrastructure considerations
        • Create target environment for migration
        • Understand rollback options
      • Phase 1: Deploy ZDM Proxy and connect client applications
        • Set up the ZDM Proxy Automation with ZDM Utility
        • Deploy the ZDM Proxy and monitoring
        • Configure Transport Layer Security
        • Connect client applications to ZDM Proxy
        • Leverage metrics provided by ZDM Proxy
        • Manage your ZDM Proxy instances
      • Phase 2: Migrate and validate data
        • Cassandra Data Migrator
        • DSBulk Migrator
      • Phase 3: Enable asynchronous dual reads
      • Phase 4: Change read routing to Target
      • Phase 5: Connect client applications directly to Target
      • Troubleshooting
        • Troubleshooting tips
        • Troubleshooting scenarios
      • Glossary
      • Contribution guidelines
      • Release Notes
    • API QuickStarts
      • Document API QuickStart
      • REST API QuickStart
      • GraphQL CQL-first API QuickStart
    • Developing with APIs
      • Developing with Document API
      • Developing with REST API
      • Developing with GraphQL API
        • Developing with GraphQL API (CQL-first)
        • Developing with GraphQL API (Schema-first)
      • Developing with gRPC API
        • gRPC Rust Client
        • gRPC Go Client
        • gRPC Node.js Client
        • gRPC Java Client
      • Developing with CQL API
      • Tooling Resources
      • Node.js Document Collection Client
      • Node.js REST Client
    • API References
      • Astra DB JSON API v1
      • Astra DB REST API v2
      • Astra DB Document API v2
      • Astra DB DevOps API v2
    • Managing
      • Managing your organization
        • User permissions
        • Pricing and billing
        • Audit Logs
        • Delete an account
        • Bring Your Own Key
          • BYOK AWS DevOps API
        • Configuring SSO
          • Configure SSO for Microsoft Azure AD
          • Configure SSO for Okta
          • Configure SSO for OneLogin
      • Managing your database
        • Create your database
        • View your databases
        • Database statuses
        • Use DSBulk to load data
        • Use Data Loader in Astra Portal
        • Monitor your databases
        • Manage multiple keyspaces
        • Using multiple regions
        • Terminate your database
        • Resize your classic database
        • Park your classic database
        • Unpark your classic database
      • Managing with DevOps API
        • Managing database lifecycle
        • Managing roles
        • Managing users
        • Managing tokens
        • Managing multiple regions
        • Get private endpoints
        • AWS PrivateLink
        • Azure PrivateLink
        • GCP Private Service
    • Astra CLI
  • DataStax Astra DB Classic Documentation
  • Getting Started
  • Grant a user access

Grant a user access

This quick start will help you grant access to a user for your DataStax Astra DB database with ease.

Here are the basic steps:

  1. Create your Astra DB account.

  2. Create your organization.

  3. Optional: Create a custom role with unique permissions.

  4. Assign a role to a user.

  5. Generate an application token.

If you are using a classic database that was created before 4 March 2021 and has not been migrated to the newest authentication, you cannot use application tokens for authentication. For more, see Authentication for classic databases.

Create your organization

  1. Open your Astra Portal and click the Organizations dropdown.

  2. Select the Organization dropdown and select Manage Organizations.

  3. Select + Add Organization. The Add Organization window opens.

    • Enter the name and email address for your new organization.

    • Select Add to add the new organization.

The organization is added to the list. An email is sent to the email address entered for the organization owner.

Optional: Create a custom role with unique permissions

You don’t have to create custom roles to assign permissions to users. Custom permissions allow you to grant specific permissions to specific databases and keyspaces. For more, see Manage custom user roles and User permissions.

You can also create custom roles using the DevOps API.

  1. In Astra Portal, select the organization in the left navigation to add a custom role.

  2. Select Settings.

  3. Select Role Management and then Add Custom Role.

  4. Enter the name you want to use for your custom role. This name should help you easily identify when you want to assign this role to users.

  5. Select the Organization, Keyspace, Table, and API permissions you want to assign to your custom role.

    If you want users with this role to be able to see the Astra DB user interface, make sure you select Read User and View DB permissions.

  6. To apply your selected permissions to specific databases or keyspaces, toggle the switch to not apply the permissions to all databases in an organization. Then select the specific databases or keyspaces to which you want to apply the permissions.

  7. Once you have selected your permissions, select Create Role.

Assign a role to a user

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection

  2. In the main dropdown, select Organization Settings.

  3. From the Users tab, select Invite User.

  4. Enter the email address for the user you want to invite for the specific user role. If adding multiple users, separate the email addresses with commas, spaces, or line breaks.

  5. Select the user role(s) for the user(s) you are inviting. Multiple roles are available within each group of roles for Organization Access, Database, Keyspace, or Table Access, and API Access.

  6. Select Invite Users to send email invitations to the users at their email address.

Invited users are listed as pending until they accept the invitation to join your organization.

Generate an application token

You can also create an application token using the DevOps API.

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection

  2. In the main dropdown, select Organization Settings.

  3. From your Organization page, select the Tokens tab.

  4. Select the role you want to attach to your token. The permissions for your selected role will be displayed.

  5. Select Generate Token. Astra DB will generate your token and display the Client ID, Client Secret, and Token.

  6. Download your Client ID, Client Secret, and Token.

After you navigate away from the page, you won’t be able to download your Client ID, Client Secret, and Token again. These tokens do not automatically expire, but can be destroyed in case they are compromised or no longer needed.

What’s next?

You can now use your token to connect to the Astra DB APIs. See more about the available APIs:

  • Document API

  • REST API

  • GraphQL CQL first API

  • GraphQL Schema first API

  • DevOps API

You can use your Client ID and Client Secret to connect to your database. See more about the available connection options:

  • Standalone CQL shell

  • Connecting C++ driver

  • Connecting C# driver

  • Connecting Java driver

  • Connecting Node.js driver

  • Connecting Python driver

  • Connecting Legacy drivers

Create your database Load and retrieve data

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage