Getting started: Grant a user access

This quick start will help you grant access to a user for your DataStax Astra DB database with ease.

Here are the basic steps:

  1. Create your Astra DB account.

  2. Create your organization.

  3. Optional: Create a custom role with unique permissions.

  4. Assign a role to a user.

  5. Generate an application token.

If you are using a classic database that was created before 4 March 2021 and has not been migrated to the newest authentication, you cannot use application tokens for authentication. For more, see Authentication for classic databases.

Create your organization

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection
  2. In the main dropdown, select Manage Organizations.

  3. Select Add Organization. The Add Organization window opens.

    • Enter the name and email address for your new organization.

    • Select Add to add the new organization.

The organization is added to the list. An email is sent to the email address entered for the organization owner.

Optional: Create a custom role with unique permissions

You don’t have to create custom roles to assign permissions to users. Custom permissions allow you to grant specific permissions to specific databases and keyspaces. For more, see Manage custom user roles and User permissions.

You can also create custom roles using the DevOps API.

  1. From any page in Astra DB, select the Organizations dropdown.

  2. In the main dropdown, select the organization for which you want to add your custom role.

  3. From your Organization page, select Role Management.

  4. Select Add Custom Role.

  5. Enter the name you want to use for your custom role. This name should help you easily identify when you want to assign this role to users.

  6. Select the Organization, Keyspace, Table, and API permissions you want to assign to your custom role.

    If you want users with this role to be able to see the Astra DB user interface, make sure you select Read User and View DB permissions.

  7. If you want to apply your selected permissions to specific databases or keyspaces, toggle the switch to not apply the permissions to all databases in an organization. Then select the specific databases or keyspaces to which you want to apply the permissions.

  8. Once you have selected your permissions, select Create Role.

Assign a role to a user

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection
  2. In the main dropdown, select Organization Settings.

  3. From User Management, select Invite User.

  4. Enter the email addresses for the users you want to invite for the specific user roles. Separate the email addresses with commas, spaces, or line breaks.

  5. Select the user role(s) for the user(s) you are inviting. Multiple roles are available within each group of roles for Organization Access, Database, Keyspace, or Table Access, and API Access.

  6. Select Invite Users to send email invitations to the users at their email address.

Invited users are listed as pending until they accept the invitation to join your organization.

Generate an application token

You can also create an application token using the DevOps API.

  1. From any page in Astra DB, select the Organizations dropdown.

    Organization Selection
  2. In the main dropdown, select Organization Settings.

  3. From your Organization page, select Token Management.

  4. Select the role you want to attach to your token. The permissions for your selected role will be displayed.

  5. Select Generate Token. Astra DB will generate your token and display the Client ID, Client Secret, and Token.

  6. Download your Client ID, Client Secret, and Token.

After you navigate away from the page, you won’t be able to download your Client ID, Client Secret, and Token again.

What’s next?

You can now use your token to connect to the Astra DB APIs. See more about the available APIs:

You can use your Client ID and Client Secret to connect to your database. See more about the available connection options: