Roles

Role management and role proxy permissions use the following modelled hierarchy:

Roles > role

Synopsis

  • ALL ROLES

    GRANT <permission>[, <permission> ...]
ON ALL ROLES
TO <role_name>;

    where permission values are ALL PERMISSIONS, ALTER, AUTHORIZE, CREATE, DESCRIBE, and DROP

  • ROLE

    GRANT <permission>[, <permission> ...]
ON ROLE <role_name>
TO <role_name>;

    where permission values are ALL PERMISSIONS, ALTER, AUTHORIZE, CREATE, DESCRIBE, and DROP

  • Role as a permission set (applies if Role Manager mode: internal)

    GRANT <role_name>
TO <role_name>;

    Nesting roles gives all the permissions of the first role in the statement to the second. With internal role management, use permission set roles to create your own hierarchical permissions structures.

Permission matrix

Permission matrix
Privilege Resource Permissions

ALL PERMISSIONS

ALL ROLES

All role permissions.

ALTER

ALL ROLES

ALTER ROLE any role

ALTER

ROLE <role_name>

ALTER ROLE specified role

CREATE

ALL ROLES

CREATE ROLE

DESCRIBE

ALL ROLES

LIST ROLES and LIST PERMISSIONS

DESCRIBE

ROLE <role_name>

DROP

ALL ROLES

DROP ROLE on any role.

DROP

ROLE <role_name>

DROP ROLE specified role.

<role_name>

<role_name>

Grant role (as a set of permissions) to another role.

Requires AUTHORIZE permission on the permission role and target role.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com