Manage superuser accounts

DataStax recommends that you do not use the cassandra role for regular user access, and that you create a custom superuser immediately after creating a keyspace.

This topic provides instructions on how to create a new superuser account, reset your superuser password, and delete the default superuser account.

About superuser accounts

The cassandra account serves as the default superuser account. This account provides full access to all keyspaces and tables in the database. DataStax recommends that you replace the cassandra account with a new superuser account.

To create a new superuser account, you must do the following:

  • Create a new superuser account with the SUPERUSER and LOGIN permissions.

  • Grant the new superuser account the ALL permission.

  • Reset the superuser password.

  • Delete the default cassandra superuser account.

Create a new superuser account for your database

  1. Create a new superuser account:

    CREATE ROLE ROOT_ACCOUNT_NAME
    WITH SUPERUSER = true
    AND LOGIN = true
    WITH PASSWORD = 'ROLE_PASSWORD';

    Replace the following:

    • ROOT_ACCOUNT_NAME: The name of your root account

    • ROLE_PASSWORD: The role password

  2. Make sure the account exists:

    LIST ROLE ROOT_ACCOUNT_NAME;

    Replace ROOT_ACCOUNT_NAME with the name of your root account.

  3. Grant the new superuser account the ALL permission:

    GRANT ALL PERMISSIONS ON ALL KEYSPACES TO ROOT_ACCOUNT_NAME;

    Replace ROOT_ACCOUNT_NAME with the name of your root account.

  4. Check that the new superuser account has the ALL permission:

    LIST ALL PERMISSIONS OF ROOT_ACCOUNT_NAME;

    Replace ROOT_ACCOUNT_NAME with the name of your root account.

Reset your superuser password

You can change your superuser password at any time. You must ensure that all passwords meet the following requirements:

  • Includes at least 8 characters, a lowercase letter, an uppercase letter, and a number.

  • Does not include parts of your username.

  • Is not any of your last four passwords.

To reset your superuser password, do the following:

  1. Sign into the cqlsh using your superuser credentials.

  2. Run the following command to change your password:

    ALTER USER superuser WITH PASSWORD 'NEW_PASSWORD';

    Replace NEW_PASSWORD with your new password.

    You can access your databases with your new password.

Delete the default superuser account

After you create a new superuser account, you can delete the default cassandra superuser account.

To delete the default superuser account, do the following:

  1. Log into the cqlsh using your superuser credentials.

  2. Run the following command to delete the cassandra superuser account:

    DROP ROLE cassandra;

  3. Make sure the cassandra account is deleted:

    LIST ROLE cassandra;

    After you delete the cassandra account, you can no longer access the database with the cassandra account.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com