Create database roles

Roles define access control to database resources, such as keyspaces, tables, and functions. In order to secure your HCD database, you can create roles for users and applications using CQL. Roles are used to define a set of permissions that can be assigned to other roles and mapped to external users. Roles can also be used to create login accounts for CQL users.

The first role that you should set is the default superuser role. This role can be thought of as the root user in a Linux system. The superuser role has full access to all keyspaces and tables in the database. This role is defined by default with the login username cassandra and password cassandra. It should be changed to a more secure username and password.

For other roles, you can create roles with specific permissions to access specific keyspaces and tables. The security quickstart in the CQL documentation provides a good starting point for creating roles and setting permissions.

The following example shows how to create a role for a user named alice with the password alice and the ability to access the cycling keyspace:

CREATE ROLE alice WITH PASSWORD = 'alice' AND LOGIN = true;
GRANT SELECT ON KEYSPACE cycling TO alice;

Alice will be able to access the cycling keyspace, but only with the SELECT permission.

Roles can be created that allow a graded level of access to keyspaces and tables.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com