Authentication scheme resources

Syntax for authorizing roles for an authentication scheme.

dse.yaml

The location of the dse.yaml file depends on the type of installation:
Package installations /etc/dse/dse.yaml
Tarball installations installation_location/resources/dse/conf/dse.yaml

When using multiple authentication schemes, there can be overlap between users and groups. For example, an internal login role admin and an LDAP group admin. For each role, you can bind the role to an authentication scheme preventing roles from being assigned to the wrong users.

Restriction: Only applies when the authentication_options in the dse.yaml is set to x fv.
Schemes hierarchy:

Synopsis

ALL AUTHENTICATION SCHEMES
Allows role to be assigned to users who authenticated against any scheme.
GRANT EXECUTE
ON ALL AUTHENTICATION SCHEMES 
TO role_name;
LDAP SCHEME | KERBEROS SCHEME | INTERNAL SCHEME
Only assigns role to user if they authenticated against the specified scheme:
GRANT EXECUTE 
ON (LDAP SCHEME | KERBEROS SCHEME | INTERNAL SCHEME) 
TO role_name;

Permission matrix

Permission Resource Description
EXECUTE ALL AUTHENTICATION SCHEMES Assign role to user from any scheme.
LDAP SCHEME Assign role to only LDAP users.
KERBEROS SCHEME Assign role to only Kerberos principals.
INTERNAL SCHEME Assign role to only internally authenticated login roles.