OpsCenter access roles overview 

OpsCenter provides the ability to define custom, fine-grained access roles for users.

DataStax Enterprise customers have the ability to define custom, fine-grained access roles for their users. OpsCenter can be configured to require users to log in using OpsCenter authentication. Permissions to perform certain operations can be granted to each role, and a role can be assigned to users. A user can only be assigned one role. A role can be applied per cluster.

Admin role privileges 

The admin role is built-in to OpsCenter and cannot be edited or removed. By default, the admin role is the only role created automatically when authentication is enabled. Only users with the admin role can manage users and roles, add new clusters, or manually update definition files.
Important: Changing the default admin password is strongly recommended the first time you log in.

Custom user role privileges 

Only those assigned an admin role can define custom roles for users. The permissions of the custom user roles are applied per cluster. Any functionality in OpsCenter that a user does not have permission for appears as gray and unavailable to that logged in user.
Note: Adding a cluster does not automatically add permissions for any existing roles. After adding a cluster, apply the permissions to the cluster for each role as appropriate for your organization.

Role permissions 

When defining custom roles, each role can have specific permissions enabled for that role. Role permissions are applied per cluster.

Role permissions
Permission Description
Core functionality
View Cluster Allows users to view a cluster in the Clusters area of the OpsCenter Monitoring UI.
Install Agents Allows users to install or upgrade agents automatically or manually.
Edit Connection Settings Allows users to edit the cluster connection settings for a DSE cluster monitored in OpsCenter.
Manage Alerts Allows users to add alerts for monitoring conditions in DSE clusters.
Cluster Configuration Allows users to configure the Performance Service.
Services
Backup Service Allows users to perform backups and restores.
Best Practice Service Allows users to configure and schedule Best Practice Service rules for managing DSE clusters.
Repair Service Allows users to start, stop, and configure the Repair Service for running repairs on DSE clusters.
Performance Service Configuration Allows users to configure the Performance Service.
Performance Service CQL Tracing Allows users to trace slow CQL queries when troubleshooting query issues.
Node Operations
Start and Stop Allows users to start and stop DSE nodes. Start and stop nodes from the Other Actions menu options available in the List view, or from the Actions menu in the Node Details view.
Cleanup Allows users to run a cleanup on one or more keyspaces.
Compact Allows users to run compaction on a keyspaces and their tables. Major compactions are not recommended unless there is a compelling reason to do so.
Drain Allows users to drain a node. The Drain option is available from the Actions menu in the Node Details dialog view, and also available when restarting DSE on a node.
Flush Allows users to flush a keyspace and its tables. Flushing a keyspace might affect system performance when there are many live, large memtables.
Garbage Collection Allows users to perform garbage collection on nodes. Running GC causes a spike in latency. The Perform GC option is available from the Other Actions menu in the List view, or from the Actions menu in the Node Details dialog view.
Repair Allows users to run an ad hoc repair operation on selected nodes in the List view.
Data
Data Explorer Deprecated. As a result of moving from thrift to native transport, the Data Explorer feature has been removed from OpsCenter. The Data Explorer feature in OpsCenter has been deprecated in favor of DataStax DevCenter, a visual CQL tool. Find more information about DevCenter and a link to download at http://www.datastax.com/what-we-offer/products-services/devcenter.
Modify Schema Allows users to modify the tables (delete or truncate) in the Data workspace of OpsCenter.
Truncate Data Allows users to truncate data in a table.
View Schema Allows users to view the CQL statements for the schema in the Data workspace of OpsCenter.
Cluster Topology
Add Nodes Deprecated. Now users add nodes to an existing DSE cluster using Lifecycle Manager. Anyone assigned an admin role can use any feature of LCM.
Rebalance Cluster (non-vnode) Allows users to rebalance a non-vnode cluster. Not applicable to vnodes.
Move Allows users to move a node, enter a new token, and assign the new token to the node. During a move node operation, the node is unavailable and cluster performance might be affected. Not applicable to vnodes. Access the Move option from the Other Actions menu available in the List view, or from the Actions menu in the Node Details dialog view.
Decommission Allows users to decommission a node from the Actions menu in the Node Details dialog view.
Remove Tokens Allows removing tokens using the APIs.