The default cassandra role has the same credentials in all environments. DataStax recommends locking down the cluster using firewall rules to prevent malicious activity at least until a new root account has been established.
- About roles
Define roles and configure permissions to control access to database resources for authenticated users.
- Creating superuser accounts
After enabling role-based access control, create your own superuser account and disable or drop the default cassandra account.
- Creating roles for internal mode
Create roles that match the user name.
- Creating roles for LDAP mode
Create roles that match group names in the LDAP server to manage role assignment with LDAP.
- Creating roles for Kerberos principals
Create roles that match the Kerberos principal name.
- Binding a role to an authentication scheme
Prevent unintentional role assignment when a group name or user name is found in multiple schemes.
- Configuring proxy roles for applications
Proxy roles allow an authenticated account (role) to run CQL statements using a different role.