System tables for authentication and authorization

Astra DB doesn’t support user, role, or permission management in CQL. For more information, see Roles and permissions reference.

Internal authentication and authorization information is stored in the following Cassandra tables:

system_auth.roles

Table that stores the role name, whether the role can be used for login, whether the role is a superuser, what other roles the role may be a member of, and a bcrypt salted hash password for the role.

system_auth.role_members

Table that stores the roles and role members.

system_auth.role_permissions

Table that stores the role, a resource (keyspace, table), and the permission that the role has to access the resource.

system_auth.recqlshSourceole_permissons_index

Table that stores the role and a resource that the role has a set permission.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2026 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM