Adding database users
A user account stored in the DataStax Enterprise database is a role that has a
To set up the DSE database user directory feature, set a scheme in the authentication to
Create a role with
loginenabled and an internally stored password:
CREATE ROLE <role_name> WITH LOGIN = true AND PASSWORD = '<password_string>';
<role_name>- The user name for authentication. Enclose the role names that include uppercase or special characters in double quotes.
LOGIN = true- Allows the role to access the database.
PASSWORD = '<default_password>'- Stored internally for database managed accounts.
superuser = true- Gives full access to all database objects to the user. See Adding a superuser login.
This command can also be modified to use a hashed password:
CREATE ROLE <role_name> WITH LOGIN = true AND HASHED PASSWORD = '<hashed_password_string>';
with the DSE tool
hash_password -p <hashed_password_string>.
To allow the role to be used for authentication when scheme_permissions is true, bind the role to an authentication scheme:
GRANT EXECUTE ON INTERNAL SCHEME TO <role_name>;
To allow another role to manage the new role:
GRANT AUTHORIZE FOR ALTER, DROP ON <new_role_name> TO <management_role>;
All superusers have authorize permissions on all roles. And the role that created the role is granted all permissions on the role.
Each user can change their own password with the ALTER ROLE command.
User logs in with their role name:
cqlsh -u <role_name> -p <default_password>
Changes the password:
ALTER ROLE <role_name> WITH password = '<newpassword>';
or if using a hashed password:
ALTER ROLE <role_name> WITH HASHED PASSWORD = '<Hashed_newpassword>';