Setting up Logins and Users

The DataStax Enterprise (DSE) database uses Role-Based Access Control (RBAC). Set up roles to manage access control for database objects.

The default cassandra role has the same credentials in all environments. DataStax recommends locking down the cluster using firewall rules to prevent malicious activity until a new root account is established.
Adding a superuser login

After enabling role-based access control, create your own superuser login and disable or drop the default cassandra login.

Adding database users

Set up the primary login roles for users who are authenticated against the DSE database.

Internally stored passwords

Learn how DSE protects internally stored passwords for database users.

Adding roles for LDAP users and groups

Create roles to match LDAP user ids or group names.

Adding roles for Kerberos principals

Create roles to match the Kerberos principal name.

Setting up roles for applications

Proxy roles allow an authenticated account (role) to run CQL statements using a different role.

Binding a role to an authentication scheme

Prevent unintentional role assignment when a group name or user name is found in multiple schemes.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com