About Role Based Access Control

Role-based access control (RBAC) is available only after completing Enable DSE Unified Authentication.

A role is a database resource to which privileges are assigned that manage access to other database resources.

Understanding Role assignment

The DataStax Enterprise (DSE) Role Manager mode controls how a role is assigned to an authenticated user.

  • internal - Each user has a login role. When the authentication method is external the user name is matched to a role name and the role must have login set to true.

    DSE supports nested roles which allows permission to be managed as sets. Use the GRANT <role_name> TO <role_name> command to assign one role to another as a permission set.

  • ldap - Looks up the authenticated user’s LDAP group membership. Users are assigned all the roles that match an LDAP group name. At least one matching role must have login set to true. DSE roles automatically change as LDAP group membership changes.

    DSE does not support nesting roles with the Role Management mode LDAP.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com