Creating additional users to access DataStax Astra databases

Administrator users can create additional users and give them privileges to access DataStax Astra databases.

When you create a database, a database user is also created with the appropriate permissions to take any action within the created keyspace. This user is not a database superuser. However, the database user is granted the following permissions in the keyspace created on the database:
  • Create, select, modify, drop, and describe database objects
  • Grant the same or lesser permissions to additional database users
  • Create and drop additional database users using the Cassandra Query Language (CQL)
Note: You must be the owner of the database to create additional users within the selected keyspace.
The following GRANT statements provide these permissions:
GRANT AUTHORIZE FOR CREATE, SELECT, MODIFY, DROP, DESCRIBE ON KEYSPACE keyspace_name TO database_user;
GRANT DESCRIBE, CREATE, SELECT, MODIFY, DROP ON KEYSPACE keyspace_name TO database_user;
GRANT CREATE, DROP ON ALL ROLES TO database_user;

Prerequisites

Create a database using DataStax Astra for Apache Cassandra.

Procedure

  1. Open a browser, navigate to DataStax Astra for Apache Cassandra, and log in.
  2. Click Manage via DataStax to open DataStax Astra on Google Cloud.
  3. From the Databases page, choose the database where you want to create a new user.
  4. In your database, click the CQL Console tab to open the Cassandra Query Language SHell (CQLSH).
    1. Enter the database username and password to log in to CQLSH.
    2. Run the following CQL command to create a new database user with the specified password.

      When the created user logs in to CQLSH, they must enter their password. If they do not specify a password, they are prompted to enter one.

      CREATE ROLE username WITH PASSWORD = 'password' AND LOGIN = true;
    3. Grant sufficient privileges for the user based on their needs.

      The following example grants the specified username privileges to create, describe, select, and update data on all tables in the specified keyspace_name. Additionally, the command grants the specified user all permissions to search indexes in the keyspace.

      GRANT CREATE, DESCRIBE, SELECT, UPDATE ON KEYSPACE keyspace_name TO username;
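Steps 2 and 3 above can be scripted so that the password is generated rather than chosen by hand and every value placed in the statements is checked first. The following Python sketch is an added example, not part of the DataStax documentation; the function names, the SELECT-only default, and the restriction to unquoted identifiers and single-keyword permissions are assumptions made for illustration.

```python
import re
import secrets
import string

# Assumption: only unquoted CQL identifiers are accepted for role and keyspace names.
_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
# Assumption: permission names are single upper-case keywords such as SELECT or MODIFY.
_PERM = re.compile(r"[A-Z]+")


def _checked(pattern, value, what):
    """Return value unchanged if it fully matches pattern, else refuse it."""
    if not pattern.fullmatch(value):
        raise ValueError(f"invalid {what}: {value!r}")
    return value


def cql_string(value):
    """Quote a CQL string literal; an embedded single quote is doubled."""
    return "'" + value.replace("'", "''") + "'"


def new_password(length=24):
    """Random alphanumeric password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def onboarding_statements(username, keyspace, permissions=("SELECT",), password=None):
    """Build the CREATE ROLE and GRANT statements from the procedure above."""
    user = _checked(_IDENT, username, "role name")
    ks = _checked(_IDENT, keyspace, "keyspace name")
    perms = [_checked(_PERM, p.upper(), "permission") for p in permissions]
    if not perms:
        raise ValueError("at least one permission is required")
    password = password or new_password()
    return password, [
        f"CREATE ROLE {user} WITH PASSWORD = {cql_string(password)} AND LOGIN = true;",
        f"GRANT {', '.join(perms)} ON KEYSPACE {ks} TO {user};",
    ]


if __name__ == "__main__":
    # Constructed sample values; replace with your own role and keyspace.
    pw, statements = onboarding_statements("app_reader", "keyspace_name")
    print("\n".join(statements))
```

The printed statements contain the generated password, so paste them into the CQL Console directly and hand the password to the new user over a separate channel.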

Results

The specified user can access the database using the CQL shell (cqlsh).