User permissions

Default and custom roles allow admins to manage unique permissions for users based on your organization and database requirements.

You can add users to your organization with a defined role.

The following roles can use the application token to use the DevOps API:

  • Organization Administrator

  • Database Administrator

  • Custom roles with create, terminate, and expand database permissions

Each role allows for unique permissions as defined below:

Organization Access Roles

Organization Administrator

  • View billing

  • Modify billing

  • View users in an organization

  • Modify users in an organization

  • View databases in organization

  • Create, terminate, and expand database

  • VPC peering for database

  • Reset database password

  • Park/unpark database

Database Administrator

  • View databases in organization

  • Create, terminate, and expand database

  • VPC peering for database

  • Reset database password

  • Park/unpark database

Billing Administrator

  • View databases in organization

  • View billing

  • Modify billing

Database Access (View Only)

  • View databases in organization

Database, Keyspace, or Table Access Roles

Developer Administrator

Preexisting Database Access roles have been replaced with the Developer Administrator role and its associated permissions.

  • Schema changes, including select, grant, modify, describe, authorize, drop for the tables and/or keyspaces for which the permission is granted

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • View databases in organization

  • CQL access based on database access permissions

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

  • Reset database password

  • Park/unpark database

Developer Read/Write

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • View databases in organization

  • CQL access based on database access permissions

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

Developer Read Only

  • Select and describe keyspaces and tables within the database

  • View databases in organization

  • CQL access based on database access permissions

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

Developer Service Account Administrator

  • Schema changes, including select, grant, modify, describe, authorize, drop for the tables and/or keyspaces for which the permission is granted

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • CQL access based on database access permissions

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

  • Reset database password

  • Park/unpark database

Developer Service Account Read/Write

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • CQL access based on database access permissions

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

Developer Service Account Read Only

  • Select and describe keyspaces and tables within the database

  • CQL access based on database access permissions

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

API Access Roles

API Developer Administrator

  • Schema changes, including select, grant, modify, describe, authorize, drop for the tables and/or keyspaces for which the permission is granted

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • View databases in organization

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

  • Reset database password

  • Park/unpark database

API Developer Read/Write

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • View databases in organization

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

API Developer Read Only

  • Select and describe keyspaces and tables within the database

  • View databases in organization

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

API Service Account Administrator

  • Schema changes, including select, grant, modify, describe, authorize, drop for the tables and/or keyspaces for which the permission is granted

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

  • Reset database password

  • Park/unpark database

API Service Account Read/Write

  • Modify and describe keyspaces and tables within the database

  • Select and describe keyspaces and tables within the database

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions

API Service Account Read Only

  • Select and describe keyspaces and tables within the database

  • GraphQL API access based on database access permissions

  • REST and Document API access based on database access permissions