Managing roles

The default cassandra role has the same credentials in all environments. DataStax recommends locking down the cluster using firewall rules to prevent malicious activity at least until a new root account has been established.

About roles

Define roles and configure permissions to control access to database resources for authenticated users.

Creating superuser accounts

After enabling role-based access control, create your own superuser account and disable or drop the default cassandra account.

Creating roles for internal mode

Create roles that match the user name.

Creating roles for LDAP mode

Create roles that match group names in the LDAP server to manage role assignment with LDAP.

Creating roles for Kerberos principals

Create roles to match Kerberos principal name.

Binding a role to an authentication scheme

Prevent unintentional role assignment when a group name or user name is found in multiple schemes.

Configuring proxy roles for applications

Proxy roles allow an authenticated account (role) to run CQL statements using a different role.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000,