OpsCenter access roles overview
OpsCenter provides the ability to define custom, fine-grained access roles for users.
DataStax Enterprise customers have the ability to define custom, fine-grained access roles for their users. OpsCenter can be configured to require users to log in using OpsCenter authentication. Permissions to perform certain operations can be granted to each role, and a role can be assigned to users. A user can only be assigned one role. A role can be applied per cluster.
Admin role privileges
The admin role is built-in to OpsCenter and cannot be edited or removed. By default, the
admin role is the only role created automatically when authentication is enabled. Only users
with the admin role can manage users and roles, add new clusters, or manually update
definition files.
Important: Changing the default admin password is
strongly recommended the first time you log in.
Custom user role privileges
Only those assigned an admin role can define custom roles for users. The permissions of the
custom user roles are applied per cluster. Any functionality in OpsCenter that a user does
not have permission for appears as gray and unavailable to that logged in user.
Note: Adding
a cluster does not automatically add permissions for any existing roles. After adding a
cluster, apply the permissions to the cluster for each role as appropriate for your
organization.
Role permissions
When defining custom roles, each role can have specific permissions enabled for that role. Role permissions are applied per cluster.
| Permission | Description |
|---|---|
| Core functionality | |
| View Cluster | Allows users to view a cluster in the Clusters area of the OpsCenter Monitoring UI. |
| Install Agents | Allows users to install or upgrade agents automatically or manually. |
| Edit Connection Settings | Allows users to edit the cluster connection settings for a DSE cluster monitored in OpsCenter. |
| Manage Alerts | Allows users to add alerts for monitoring conditions in DSE clusters. |
| Cluster Configuration | Allows users to configure the Performance Service. |
| Services | |
| Backup Service | Allows users to perform backups and restores. |
| Best Practice Service | Allows users to configure and schedule Best Practice Service rules for managing DSE clusters. |
| Repair Service | Allows users to start, stop, and configure the Repair Service for running repairs on DSE clusters. |
| Performance Service Configuration | Allows users to configure the Performance Service. |
| Performance Service CQL Tracing | Allows users to trace slow CQL queries when troubleshooting query issues. |
| Node Operations | |
| Start and Stop | Allows users to start and stop DSE nodes. Start and stop nodes from the Other Actions menu options available in the List view, or from the Actions menu in the Node Details view. |
| Cleanup | Allows users to run a cleanup on one or more keyspaces. |
| Compact | Allows users to run compaction on a keyspaces and their tables. Major compactions are not recommended unless there is a compelling reason to do so. |
| Drain | Allows users to drain a node. The Drain option is available from the Actions menu in the Node Details dialog view, and also available when restarting DSE on a node. |
| Flush | Allows users to flush a keyspace and its tables. Flushing a keyspace might affect system performance when there are many live, large memtables. |
| Garbage Collection | Allows users to perform garbage collection on nodes. Running GC causes a spike in latency. The Perform GC option is available from the Other Actions menu in the List view, or from the Actions menu in the Node Details dialog view. |
| Repair | Allows users to run an ad hoc repair operation on selected nodes in the List view. |
| Data | |
| Data Explorer | Deprecated. As a result of moving from thrift to native transport, the Data Explorer feature has been removed from OpsCenter. The Data Explorer feature in OpsCenter has been deprecated in favor of DataStax DevCenter, a visual CQL tool. Find more information about DevCenter and a link to download at http://www.datastax.com/what-we-offer/products-services/devcenter. |
| Modify Schema | Allows users to modify the tables (delete or truncate) in the Data workspace of OpsCenter. |
| Truncate Data | Allows users to truncate data in a table. |
| View Schema | Allows users to view the CQL statements for the schema in the Data workspace of OpsCenter. |
| Cluster Topology | |
| Add Nodes | Deprecated. Now users add nodes to an existing DSE cluster using Lifecycle Manager. Anyone assigned an admin role can use any feature of LCM. |
| Rebalance Cluster (non-vnode) | Allows users to rebalance a non-vnode cluster. Not applicable to vnodes. |
| Move | Allows users to move a node, enter a new token, and assign the new token to the node. During a move node operation, the node is unavailable and cluster performance might be affected. Not applicable to vnodes. Access the Move option from the Other Actions menu available in the List view, or from the Actions menu in the Node Details dialog view. |
| Decommission | Allows users to decommission a node from the Actions menu in the Node Details dialog view. |
| Remove Tokens | Allows removing tokens using the APIs. |