Grant a user access

This quick start will help you grant access to a user for your DataStax Astra DB database with ease.

Here are the basic steps:

  1. Create your Astra DB account.

  2. Create your organization.

  3. Optional: Create a custom role with unique permissions.

  4. Assign a role to a user.

  5. Generate an application token.

If you are using a classic database that was created before 4 March 2021 and has not been migrated to the newest authentication, you cannot use application tokens for authentication. For more, see Authentication for classic databases.

Create your organization

  1. Open your Astra Portal and click the Organizations dropdown.

  2. Select the Organization dropdown and select Manage Organizations.

  3. Select + Add Organization. The Add Organization window opens.

    • Enter the name and email address for your new organization.

    • Select Add to add the new organization.

The organization is added to the list. An email is sent to the email address entered for the organization owner.

Optional: Create a custom role with unique permissions

You don’t have to create custom roles to assign permissions to users. Custom permissions allow you to grant specific permissions to specific databases and keyspaces. For more, see Manage custom user roles and User permissions.

You can also create custom roles using the DevOps API.

  1. In Astra Portal, select the organization in the left navigation to add a custom role.

  2. Select Settings.

  3. Select Role Management and then Add Custom Role.

  4. Enter the name you want to use for your custom role. This name should help you easily identify when you want to assign this role to users.

  5. Select the Organization, Keyspace, Table, and API permissions you want to assign to your custom role.

    If you want users with this role to be able to see the Astra DB user interface, make sure you select Read User and View DB permissions.

  6. To apply your selected permissions to specific databases or keyspaces, toggle the switch to not apply the permissions to all databases in an organization. Then select the specific databases or keyspaces to which you want to apply the permissions.

  7. Once you have selected your permissions, select Create Role.

Assign a role to a user

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection
  2. In the main dropdown, select Organization Settings.

  3. From the Users tab, select Invite User.

  4. Enter the email address for the user you want to invite for the specific user role. If adding multiple users, separate the email addresses with commas, spaces, or line breaks.

  5. Select the user role(s) for the user(s) you are inviting. Multiple roles are available within each group of roles for Organization Access, Database, Keyspace, or Table Access, and API Access.

  6. Select Invite Users to send email invitations to the users at their email address.

Invited users are listed as pending until they accept the invitation to join your organization.

Generate an application token

You can also create an application token using the DevOps API.

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection
  2. In the main dropdown, select Organization Settings.

  3. From your Organization page, select the Tokens tab.

  4. Select the role you want to attach to your token. The permissions for your selected role will be displayed.

  5. Select Generate Token. Astra DB will generate your token and display the Client ID, Client Secret, and Token.

  6. Download your Client ID, Client Secret, and Token.

After you navigate away from the page, you won’t be able to download your Client ID, Client Secret, and Token again. These tokens do not automatically expire, but can be destroyed in case they are compromised or no longer needed.

What’s next?

You can use your Client ID and Client Secret to connect to your database. See more about the available connection options:

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000,