Adding database users

Set up the primary login roles for users that are authenticated against the DSE database.

A user account stored in the DataStax Enterprise database is a role that has a login and password.
Note: To set up the DSE database user directory feature, set a scheme in the to internal.

Procedure

  1. Create a role with login enabled and an internally stored password: 
    CREATE ROLE role_name 
WITH LOGIN = true 
AND PASSWORD = 'password_string';
    where
    • role_name - The user name for authentication. Enclose the role names that include uppercase or special characters in double quotes.
    • LOGIN = true - Allows the role to access the database.
    • PASSWORD = 'default_password' - Stored internally for database managed accounts.
    • (Optional) superuser = true - Gives full access to all database objects to the user. See Adding a superuser login.
  2. To allow the role to be used for authentication when is true, bind the role to an authentication scheme: 
    GRANT EXECUTE 
ON INTERNAL SCHEME 
TO role_name;
  3. To allow another role to manage the new role: 
    GRANT AUTHORIZE FOR ALTER, DROP
ON new_role_name 
TO management_role;
    Tip: All superusers have authorize permissions on all roles. And the role that created the role is granted all permissions on the role.
  4. Each user can change their own password with the command.
    1. User logs in with their role name: 
      cqlsh -u role_name -p default_password
    2. Changes the password: 
      ALTER ROLE role_name 
WITH password = 'newpassword';

What's next

Assign permissions to the role, see Assigning permissions.