Syntax for authorizing roles for an authentication scheme.
dse.yaml
The location of the dse.yaml file depends on the type of installation:
  Package installations: /etc/dse/dse.yaml
  Tarball installations: installation_location/resources/dse/conf/dse.yaml
When using multiple authentication schemes, users and groups can overlap; for example, an internal login role admin and an LDAP group admin. You can bind each role to an authentication scheme, which prevents roles from being assigned to the wrong users.
Restriction: Only applies when the authentication_options scheme_permissions option in dse.yaml is set to true.
Figure 1. Schemes hierarchy
Synopsis

ALL AUTHENTICATION SCHEMES
Allows role to be assigned to users who authenticated against any scheme.

    GRANT EXECUTE
    ON ALL AUTHENTICATION SCHEMES
    TO role_name;

LDAP SCHEME | KERBEROS SCHEME | INTERNAL SCHEME
Only assigns role to user if they authenticated against the specified scheme:

    GRANT EXECUTE
    ON (LDAP SCHEME | KERBEROS SCHEME | INTERNAL SCHEME)
    TO role_name;
Permission matrix

Permission  Resource                    Description
EXECUTE     ALL AUTHENTICATION SCHEMES  Assign role to user from any scheme.
EXECUTE     LDAP SCHEME                 Assign role to only LDAP users.
EXECUTE     KERBEROS SCHEME             Assign role to only Kerberos principals.
EXECUTE     INTERNAL SCHEME             Assign role to only internally authenticated login roles.
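
The admin overlap described above, worked through in CQL. This is an added example, not taken from the product documentation; the role name ldap_readers and the password placeholder are assumptions, and scheme_permissions is assumed to be enabled in dse.yaml.

```sql
-- Added example. Assumes authentication_options scheme_permissions is
-- enabled in dse.yaml, and that an LDAP group named "admin" also exists.

-- Internal login role that shares its name with the LDAP group.
-- Replace the placeholder password before use.
CREATE ROLE IF NOT EXISTS admin
  WITH LOGIN = true
  AND PASSWORD = '<placeholder-password>';

-- Bind admin to the internal scheme only: a user who authenticates
-- through LDAP and belongs to the LDAP group "admin" is not assigned
-- this role.
GRANT EXECUTE
  ON INTERNAL SCHEME
  TO admin;

-- Hypothetical role intended for an LDAP group of the same name.
-- It is assigned only to users who authenticated against LDAP.
CREATE ROLE IF NOT EXISTS ldap_readers;

GRANT EXECUTE
  ON LDAP SCHEME
  TO ldap_readers;

-- Review which scheme each role is bound to.
LIST ALL PERMISSIONS OF admin;
LIST ALL PERMISSIONS OF ldap_readers;
```

Granting EXECUTE ON ALL AUTHENTICATION SCHEMES to admin instead would allow the role to be assigned to users from any scheme, which reintroduces the overlap.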