• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help
Expand All
Collapse All

DataStax Enterprise 6.8 Documentation

    • Overview
      • Release notes
        • DSE release notes
        • Cass Operator release notes
        • Studio release notes
        • Bulk loader release notes
        • Kafka Connector release notes
    • Architecture
      • Architecture FAQ
      • Database architecture
        • Architecture in brief
        • Internode communications (gossip)
        • Data distribution and replication
          • Data distribution to nodes
          • Consistent hashing
          • Virtual nodes
          • Data replication
          • Partitioners
          • Snitches
            • Dynamic snitching
            • Types of snitches
        • Node repair
          • NodeSync: Continuous background repair
          • Hinted handoff: repair during write path
          • Read Repair: repair during read path
          • Anti-entropy repair
      • Component architecture
        • DSE Analytics
        • DSE Search
        • DSE Graph
          • When to use DSE Graph
          • OLTP and OLAP
          • Comparing DSE Graph and relational databases
          • Migrating to DSE Graph from a relational database
          • Migrating to DSE Graph from Apache Cassandra
      • Database internals
        • Storage engine
        • About reads and writes
          • How is data written?
          • How is data maintained?
          • How is data updated?
          • How is data deleted?
          • What are tombstones?
          • How are indexes stored and updated?
          • How is data read?
          • How do write patterns affect reads?
        • Data consistency
          • Read and write consistency
          • Differences between DSE and RDBMS transactions
          • Using lightweight transactions
          • Consistency level performance
          • Consistency level configuration
          • Configuring serial consistency
          • Read requests
            • Read consistency levels examples
          • Write requests
            • Multiple datacenter write requests
    • Planning
      • Initializing a cluster
        • Initializing datacenters
          • Initializing a single datacenter per workload type
          • Initializing multiple datacenters per workload type
        • Setting seed nodes for a single datacenter
        • Use cases for listen address
      • Initializing single-token architecture datacenters
        • Calculating tokens for single-token architecture nodes
    • Getting started
    • Installing
      • Which install method should I use?
      • Install on a single node
      • Installing supporting software
      • Installing a cluster using Lifecycle Manager 6.8
      • Installing from the Yum package
      • RedHat systemd configuration
      • Installing from the Debian package
      • Install from the tarball on any Linux distribution
      • Installing patch releases
      • Installing on cloud providers
      • Installing on Docker
      • Uninstalling DSE
      • Default DSE file locations
        • Package installations
        • Tarball installations
      • Installing DSE 6.8 Tools
        • Installing CQLSH
        • Installing DataStax Studio 6.8
        • Installing DSE Graph Loader
        • Installing DataStax Bulk Loader
        • Installing DataStax Apache Kafka Connector
      • Installing DSE OpsCenter 6.8
        • Installing from the RPM package
        • Installing from the Debian package
        • Installing from the tarball on any Linux distribution
        • Installing on Docker
        • Uninstalling OpsCenter
        • Installing DataStax Agents 6.8
          • Installing DataStax Agents automatically
          • Installing DataStax Agents manually
            • From the RPM package
            • From the Debian package
            • From a tarball
          • Setting Agent permissions to run as the DSE user
          • Configuring JAVA_HOME
    • Managing
      • Configuration
        • Recommended production settings
        • YAML and configuration properties
          • cassandra.yaml
          • dse.yaml
          • remote.yaml
          • cassandra-rackdc.properties
          • cassandra-topology.properties
        • Cloud provider snitches
          • Amazon EC2 single-region snitch
          • Amazon EC2 multi-region snitch
          • Google Cloud Platform
          • Apache CloudStack snitch
        • JVM system properties
          • Cassandra
          • JMX
          • DSE Search
          • TPC
          • LDAP
          • Kerberos
          • NodeSync
          • DSE Metrics Collector
        • Choosing a compaction strategy
        • NodeSync service
          • About NodeSync
          • Starting and stopping the NodeSync service
          • Enabling NodeSync validation
          • Tuning NodeSync validations
            • Setting the NodeSync rate
            • Setting the NodeSync deadline
          • Manually starting NodeSync validation
        • Using multiple network interfaces
        • Configuring gossip settings
        • Configuring the heap dump directory
        • Configuring Virtual Nodes
          • Virtual node (vnode) configuration
          • Enabling virtual nodes on an existing production cluster
        • Logging configuration
          • Changing logging locations
          • Configuring logging
          • Commit log archive configuration
          • Change Data Capture (CDC) logging
      • Tools
        • DSE Metrics Collector
        • nodetool
          • Get information
            • clientstats
            • describecluster
            • describering
            • getbatchlogreplaythrottle
            • getcachecapacity
            • getcachekeystosave
            • getconcurrentviewbuilders
            • getendpoints
            • getinterdcstreamthroughput
            • getlogginglevels
            • getseeds
            • getsstables
            • getstreamthroughput
            • gettimeout
            • gettraceprobability
            • help
            • info
            • inmemorystatus
            • rangekeysample
            • ring
            • status
            • version
          • Collect metrics
            • gcstats
            • netstats
            • proxyhistograms
            • tablehistograms
            • tablestats
            • toppartitions
            • tpstats
          • Perform operations
            • assassinate
            • bootstrap resume
            • decommission
            • disablebinary
            • disablegossip
            • drain
            • enablebinary
            • enablegossip
            • gossipinfo
            • invalidatecountercache
            • invalidatekeycache
            • invalidaterowcache
            • import
            • join
            • move
            • refresh
            • reloadtriggers
            • relocatesstables
            • removenode
            • replaybatchlog
            • sequence
            • sjk
            • statusbinary
            • statusgossip
            • stopdaemon
            • upgradesstables
          • Adjust settings
            • reloadseeds
            • setbatchlogreplaythrottle
            • setcachecapacity
            • setcachekeystosave
            • setconcurrentviewbuilders
            • setinterdcstreamthroughput
            • setlogginglevel
            • setstreamthroughput
            • settimeout
            • settraceprobability
          • Diagnose issues
            • failuredetector
            • leaksdetection
          • Manage backup commands
            • clearsnapshot
            • disablebackup
            • enablebackup
            • listsnapshots
            • snapshot
            • statusbackup
          • Ensure data consistency
            • abortrebuild
            • cleanup
            • flush
            • mark_unrepaired
            • rebuild
            • rebuild_index
            • rebuild_view
            • resetlocalschema
            • repair
            • scrub
            • verify
          • Manage compaction
            • compact
            • compactionhistory
            • compactionstats
            • disableautocompaction
            • enableautocompaction
            • garbagecollect
            • getcompactionthreshold
            • getcompactionthroughput
            • getconcurrentcompactors
            • setcompactionthreshold
            • setcompactionthroughput
            • setconcurrentcompactors
            • stop
          • Manage NodeSync service
            • nodesyncservice enable
            • nodesyncservice disable
            • nodesyncservice getrate
            • nodesyncservice ratesimulator
            • nodesyncservice setrate
            • nodesyncservice status
          • Manage hints
            • disablehandoff
            • disablehintsfordc
            • enablehandoff
            • enablehintsfordc
            • gethintedhandoffthrottlekb
            • getmaxhintwindow
            • handoffwindow
            • listendpointspendinghints
            • pausehandoff
            • resumehandoff
            • sethintedhandoffthrottlekb
            • setmaxhintwindow
            • statushandoff
            • truncatehints
        • dse commands
          • dse connection options
          • Perform routine DSE operations
            • add-node
            • cassandra
            • cassandra-stop
            • list-nodes
            • remove-node
            • -v
          • Manage Spark
            • exec
            • pyspark
            • spark
            • spark-class
            • spark-jobserver
            • spark-history-server
            • spark-sql
            • spark-sql-thriftserver
            • spark-submit
            • SparkR
          • Connect to development consoles
            • beeline
            • fs
            • gremlin-console
          • Connect external client to DSE node
            • dse client-tool help
            • client-tool connection options
            • cassandra
            • configuration export
            • configuration byos-export
            • configuration import
            • spark
            • alwayson-sql
            • graph-olap
          • Modifies CQL nodesync
            • disable
            • enable
            • help
            • tracing
              • disable
              • enable
              • show
              • status
            • validation
      • dsefs shell commands
        • Get information
          • df
          • du
          • echo
          • ls
          • pwd
          • realpath
          • stat
        • Navigate DSEFS
          • cd
          • exit
        • Manage files
          • append
          • cat
          • cp
          • fsck
          • get
          • mkdir
          • mv
          • put
          • rename
          • rm
          • rmdir
          • truncate
          • umount
        • Manage permissions
          • chgrp
          • chmod
          • chown
      • dsetool
        • Connection options
        • Get information
          • help
          • inmemorystatus
          • list_subranges
          • listjt
          • node_health
          • partitioner
          • ring
          • status
          • tieredtablestats
        • Perform operations
          • infer_solr_schema
          • perf
          • sparkmaster cleanup
          • sparkworker restart
          • tsreload
        • Configure DSE Metrics Collector
          • insights_config
          • insights_filters
        • Manage security
          • createsystemkey
          • encryptconfigvalue
          • managekmip list
          • managekmip expirekey
          • managekmip revoke
          • managekmip destroy
        • Manage search index
          • core_indexing_status
          • create_core
          • get_core_config
          • get_core_schema
          • index_checks
          • list_index_files
          • list_core_properties
          • read_resource
          • rebuild_indexes
          • reload_core
          • set_core_property
          • stop_core_reindex
          • unload_core
          • upgrade_index_files
          • write_resource
      • SSTable tools
        • Get information
          • sstabledump
          • sstableexpiredblockers
          • sstablemetadata
          • sstablepartitions
          • sstableutil
        • Perform operations
          • sstabledowngrade
          • sstablelevelreset
          • sstableloader
          • sstableofflinerelevel
          • sstablesplit
          • sstableupgrade
        • Ensure data consistency
          • sstablerepairedset
          • sstablescrub
          • sstableverify
      • Preflight check tool
      • Compare yaml files
        • yaml_diff
        • cluster_check
      • Operations
        • Starting and stopping DSE
          • Starting as a service
          • Starting as a stand-alone process
          • Stopping a node
        • Adding or removing nodes, datacenters, or clusters
          • Adding nodes to vnode-enabled cluster
          • Adding a datacenter to a cluster using a designated datacenter as a data source
          • Replacing a dead node or dead seed node
          • Replacing a running node
            • Adding a node and then decommissioning the old node
            • Replacing a running node
          • Moving a node from one rack to another
          • Decommissioning a datacenter
          • Removing a node
          • Changing the IP address of a node
          • Switching snitches
          • Changing keyspace replication strategy
          • Migrating or renaming a cluster
          • Adding single-token nodes to a cluster
          • Adding a datacenter to a single-token architecture cluster
          • Replacing a dead node in a single-token architecture cluster
        • Backing up and restoring data using the DSE Backup and Restore Service
          • About the DSE Backup and Restore Service
          • Enabling and configuring the DSE Backup and Restore Service
          • Creating and managing backup stores
          • Creating and managing backup configurations
          • Managing backups
          • Restoring backups
          • Backup and Restore Service CQL command reference
            • ALTER BACKUP CONFIGURATION
            • ALTER BACKUP STORE
            • CANCEL BACKUP
            • CANCEL RESTORE
            • CLEAN BACKUPS
            • CREATE BACKUP CONFIGURATION
            • CREATE BACKUP STORE
            • DROP BACKUP CONFIGURATION
            • DROP BACKUP STORE
            • FORCE RESTORE
            • LIST BACKUP CONFIGURATIONS
            • LIST BACKUPS FROM KEYSPACE
            • LIST BACKUP STORES
            • RESTORE
            • RUN BACKUP
            • VERIFY BACKUP STORE
        • Backing up and restoring data using snapshots
          • About snapshots
          • Taking a snapshot
          • Deleting snapshot files
          • Enabling incremental snapshot backups
          • Restoring from a snapshot
          • Restoring a snapshot into a new cluster
          • Recovering from a single disk failure using JBOD
        • Repairing nodes
          • Manual repair: Anti-entropy repair
          • When to run anti-entropy repair
          • Changing repair strategies
            • Migrating to full repairs
            • Migrating to incremental repairs
        • Monitoring a DSE cluster
        • Tuning the database
          • Tuning Java Virtual Machine
            • Changing heap size parameters
            • Configuring the garbage collector
              • G1 MaxGCPauseMillis
              • CMS parameters
          • Tuning Bloom filters
          • Configuring memtable thresholds
        • Data caching
          • Configuring data caches
            • Enabling caching globally
            • Tips for efficient cache use
          • Monitoring and adjusting caching
        • Compacting and compressing
          • Configuring compaction
          • Compression
            • When to compress data
            • Configuring compression
          • Testing compaction and compression
        • Materialized views maintenance guidelines
        • Migrating data to DSE
        • Collecting node health and indexing scores
        • Clearing data from DSE
      • DSE Management Services
        • Performance Service
          • Performance Service
          • Configuring Performance Service replication strategy
          • Collecting data
            • Collecting slow queries
            • Collecting system level diagnostics
            • Collecting object I/O level diagnostics
            • Statistics gathered for objects
            • Collecting database summary diagnostics
            • Collecting cluster summary diagnostics
            • Collecting histogram diagnostics
            • Collecting user activity diagnostics
            • Statistics gathered for user activity
          • Collecting search data
            • Collecting slow search queries
            • Collecting Apache Solr performance statistics
            • Collecting cache statistics
            • Collecting index statistics
            • Collecting handler statistics
            • Collecting request handler metrics
          • Monitoring Spark with Spark Performance Objects
          • Diagnostic table reference
          • Solr diagnostic table reference
            • Frequently asked questions
            • Slow sub-query log for search
            • Indexing error log
            • Query latency snapshot
            • Update latency snapshot
            • Commit latency snapshot
            • Merge latency snapshot
            • Filter cache statistics
            • Query result cache statistics
            • Index statistics
            • Update handler statistics
            • Update request handler statistics
            • Search request handler statistics
      • DSE In-Memory
        • Creating or altering tables to use DSE In-Memory
        • Verifying table properties
        • Managing memory
        • Backing up and restoring data
      • DSE Tiered Storage
        • About DSE Tiered Storage
        • Configuring DSE Tiered Storage
        • Testing configurations
      • DSE Multi-Instance
        • About DSE Multi-Instance
        • DSE Multi-Instance architecture
        • Adding nodes to DSE Multi-Instance
        • DSE Multi-Instance commands
    • Securing
      • Security FAQ
      • Security checklists
      • Securing the environment
        • Securing ports
        • Securing the TMP directory
      • Authentication and authorization
        • Configuring authentication and authorization
          • About DSE Unified Authentication
            • Steps for new deployment
            • Steps for production environments
          • Configuring security keyspaces
          • Setting up Kerberos
            • Kerberos guidelines
            • Enabling JCE Unlimited
              • Removing AES-256
            • Preparing DSE nodes for Kerberos
              • DNS and NTP
              • krb5.conf
              • Principal
              • Keytab
          • Enabling authentication and authorization
            • Defining a Kerberos scheme
            • Defining an LDAP scheme
          • Configuring JMX authentication
          • Configuring cache settings
          • Securing schema information
        • Managing database access
          • About RBAC
          • Setting up logins and users
            • Adding a superuser login
            • Adding database users
            • LDAP users and groups
              • LDAP logins
              • LDAP groups
            • Kerberos principal logins
            • Setting up roles for applications
            • Binding a role to an authentication scheme
          • Assigning permissions
            • Database object permissions
              • Data resources
              • Functions and aggregate resources
              • Search indexes
              • Roles
              • Proxy login and execute
              • Authentication schemes
              • DSE Utilities (MBeans)
              • Analytic applications
              • Remote procedure calls
            • Separation of duties
            • Keyspaces and tables
            • Row Level Access Control (RLAC)
            • Search index permissions
            • DataStax Graph keyspace
            • Spark application permissions
            • DataStax Studio permissions
            • Remote procedure calls
            • DSE client-tool spark
            • JMX MBean permissions
            • Deny (denylist) db object permission
            • Restricting access to data
        • Providing credentials from DSE tools
          • About clients
          • Internal and LDAP authentication
            • Command line
            • File
            • Environment variables
            • Using CQLSH
          • Kerberos
            • JAAS configuration file location
            • Keytab
            • Ticket Cache
            • Spark jobs
            • SSTableLoader
            • Graph and gremlin-console
            • dsetool
            • CQLSH
          • Nodetool
          • JConsole
      • Auditing database activity
        • Enabling database auditing
        • Capturing DSE Search HTTP requests
        • Log formats
        • View events from DSE audit table
      • Transparent data encryption
        • About Transparent Data Encryption
        • Configuring local encryption
          • Setting up local encryption keys
          • Encrypting configuration file properties
          • Encrypting system resources
          • Encrypting tables
          • Rekeying existing data
          • Using tools with TDE-encrypted SSTables
          • Troubleshooting encryption key errors
        • Configuring KMIP encryption
        • Encrypting Search indexes
          • Encrypting new Search indexes
          • Encrypting existing Search indexes
          • Tuning encrypted Search indexes
        • Migrating encrypted tables from earlier versions
        • Bulk loading data between TDE-enabled clusters
      • Configuring SSL
        • Steps for configuring SSL
        • Creating SSL certificates, keystores, and truststores
          • Remote keystore provider
          • Local keystore files
        • Securing node-to-node connections
        • Securing client-to-node connections
          • Configuring JMX on the server side
          • nodetool, nodesync, dsetool, and Advanced Replication
          • JConsole (JMX)
          • SSTableloader
          • Connecting to SSL-enabled nodes using cqlsh
        • Enabling SSL encryption for DSEFS
        • Reference: SSL instruction variables
      • Securing Spark connections
    • Tooling Resources
      • Stress tools
        • cassandra-stress tool
          • About the cassandra-stress tool
          • Interpret output
          • counter_read
          • counter_write
          • help
          • legacy
          • mixed
          • print
          • read
          • user
          • version
          • write
      • fs-stress tool
      • OpsCenter services
        • Best Practice Service
        • Capacity Service
        • Repair Service
    • DSE Advanced Replication
      • About DSE Advanced Replication
      • Architecture
      • Traffic between the clusters
      • Terminology
      • Getting started
      • Keyspaces
      • Data types
      • Operations
      • CQL queries
      • Metrics
      • Managing invalid messages
      • Managing audit logs
      • Command line tool
        • connection options
        • channel create
        • channel update
        • channel delete
        • channel pause
        • channel resume
        • channel status
        • channel truncate
        • conf list
        • conf remove
        • conf update
        • destination create
        • destination update
        • destination delete
        • destination list
        • destination list-conf
        • destination remove-conf
        • help
        • metrics list
        • replog count
        • replog analyze-audit-log
    • DSE Analytics
      • Setting the replication factor for analytics keyspaces
      • DSE Analytics and Search integration
        • Using predicate push down on search indexes in Spark SQL
      • About DSE Analytics Solo
      • DSEFS (DataStax Enterprise file system)
        • About DSEFS
        • Enabling DSEFS
        • Disabling DSEFS
        • Configuring DSEFS
        • Commands DSEFS
        • DSEFS compression
        • DSEFS authentication
        • DSEFS authorization
        • Using the DSEFS REST interface
        • Programmatic access to DSEFS
        • Hadoop FileSystem interface implemented by DseFileSystem
        • Using JMX to read DSEFS metrics
    • DSE Graph
      • About Graph
      • What’s new
      • Graph QuickStart
      • CQL as Graph
      • Convert CQL to Graph
      • Graph OLTP and OLAP
      • Graph data modeling
        • Data modeling introduction
        • Basic data modeling
        • Data modeling design
        • Advanced data modeling
      • Manage graph
        • Create a graph
        • Exanube a Graph
        • Drop a Graph
      • Manage schema
        • Create a Graph schema
        • Examine a schema
        • Create UDT schema
        • Create collection and tuple schema
        • Create vertex lable schema
        • Create edge lable schema
        • Indexing
        • Create index schema
        • Drop Graph schema
        • Vertex and edge IDs
      • Manage Graph data
        • Data formats
        • Insert data with Graph traversal API
        • DataStax Bulk Loader for Graph
          • Install DataStax Bulk Loader
          • DataStax Bulk Loader Examples
        • Load data with DseGraphFrames
        • Drop graph data
      • Discovering properties
      • Creating queries using traversals
        • Anatomy of a graph traversal
        • Use indexes
        • Use search indexes
        • Simple traversals
        • Geospatial traversals
        • Branching traversals
        • Recursive traversals
        • Path traversals
      • Graph analysis with DSE Analytics
        • DseGraphFrame overview
          • TinkerPop API support in DseGraphFrame
          • Mapping rules for DseGraphFrame
          • DseGraphFrame API reference
        • Export graphs to DSEFS
        • Import graphs
        • Northwind demo graph with Spark OLAP jobs
      • DSE Graph Operations
        • Configuring DSE Graph
          • Specifying DSE database and graph settings
          • Configuring security
        • Graph backup and restore
        • Graph import/export
        • Graph JMX metrics
      • Graph tools
      • Start Gremlin console
      • Graph Reference
        • Graph traversal API
          • addE
          • addV
          • io
          • property
          • with
        • Schema API
          • drop
          • describe
          • edgeLabel
          • type
          • vertexLabel
        • System API
          • Graph
          • GraphClassic
            • config
            • option
          • graphs
          • list
        • TinkerPop traversal API
          • TinkerPop framework
          • TinkerPop general information
          • TinkerPop predicates
            • eq
            • neq
            • lt
            • lte
            • gt
            • gte
            • inside
            • outside
            • between
            • within
            • without
            • Step-modulators
            • as
            • by
            • emit
            • from
            • option
            • times
            • to
            • until
            • Vertex step
            • out
            • in
            • both
            • outE
            • inE
            • bothE
            • outV
            • inV
            • bothV
            • otherV
            • addV
            • addE
            • property
            • mid-traversal V()
            • aggregate
            • and
            • barrier
            • branch
            • cap
            • choose
            • coalesce
            • constant
            • count
            • cyclicPath
            • dedup
            • drop
            • explain
          • fill
          • filter
          • flatMap
          • fold
          • group
          • groupCount
          • has
          • hasId
          • hasKey
          • hasLabel
          • hasNext
          • hasNot
          • hasValue
          • id
          • inject
          • is
          • key
          • label
          • limit
          • local
          • loops
          • map
          • match
          • math
          • max
          • mean
          • min
          • next
          • not
          • optional
          • or
          • order
          • pageRank
          • path
          • peerPressure
          • profile
          • project
          • properties
          • propertyMap
          • range
          • repeat
          • sack
          • sample
          • select
          • sideEffect
          • simplePath
          • skip
          • store
          • subGraph
          • sum
          • tail
          • timeLimit
          • toBulkSet
          • toList
          • toSet
          • tree
          • unfold
          • union
          • value
          • valueMap
          • values
          • where
        • DataStax Graph data types
        • Graph storage in Cassandra keyspace and table
    • DSE Search
      • About Search
        • Solr OSS differences
        • Unsupported search features
        • Solr Lucene limitations
      • Configuring Search
      • Search Reference
      • Search index configuration
      • Search index schema
      • Search config.yaml options
      • Adding/viewing index resources
      • Initial data migration
      • Shard routing for distributed queries
      • Deleting Solr data
      • Verifying index status
      • Backing up search indexes
      • Restoring a search node
      • Metrics (MBEANS)
      • Uploading custom index resources
      • Solr admin UI configuration
      • Configuring Solr connector port
      • reqPerm Solr admin UI
      • Changing Tomcat settings
      • Configuring Solr library path
      • Using the Solr HTTP API
      • Configuring HTTP for AJP
      • aboutUpdateRequestProcessorAndFieldTransformer
      • Field Input/Output Transformer (FIT) API
      • FIT class examples
      • Custom URP example
      • Interface custom field types
      • Deleting by query - best practice
      • Monitoring segments
      • Solr clients
    • DSE Spark
      • About Spark
      • Using Spark with DataStax Enterprise
        • Starting Spark
        • Running Spark commands against a remote cluster
        • Accessing database data from Spark
          • Using the Spark session
          • Using the Spark context
          • Controlling automatic direct join optimizations in queries
          • Accessing the Spark session and context for applications running outside of DSE Analytics
          • Saving RDD data to DSE
          • Spark supported types
          • Loading external HDFS data into the database using Spark
        • Monitoring Spark with the web interface
        • Getting started with the Spark Cassandra Connector
        • Using DSE Spark with third party tools and integrations
      • Configuring Spark nodes
        • Automatic Spark Master election
        • Configuring Spark logging options
        • Running Spark processes as separate users
        • Configuring the Spark history server
        • Setting Spark Cassandra Connector-specific properties
        • Creating a DSE Analytics Solo datacenter
        • Spark JVMs and memory management
      • Using Spark modules with DataStax Enterprise
        • Getting started with Spark Streaming
          • Creating a Spark Structured Streaming sink using DSE
        • Using Spark SQL to query data
          • Querying database data using Spark SQL in Scala
          • Querying database data using Spark SQL in Java
          • Querying DSE Graph vertices and edges with Spark SQL
          • Using Spark predicate push down in Spark SQL queries
          • Supported syntax of Spark SQL
          • Inserting data into tables with static columns using Spark SQL
          • Running HiveQL queries using Spark SQL
          • Using the DataFrames API
          • Using the Spark SQL Thriftserver
        • Using SparkR with DataStax Enterprise
      • Using AlwaysOn SQL service
        • Enabling SSL for AlwaysOn SQL
        • Using authentication with AlwaysOn SQL
        • Simba JDBC Driver for Apache Spark
        • Simba ODBC Driver for Apache Spark
        • Connecting to AlwaysOn SQL server using Beeline
      • Accessing DataStax Enterprise data from external Spark clusters
        • Overview of BYOS support in DataStax Enterprise
        • Generating the BYOS configuration file
        • Connecting to DataStax Enterprise using the Spark shell on an external Spark cluster
        • Generating Spark SQL schema files
        • Starting Spark SQL Thrift Server with Kerberos
      • Using the Spark Jobserver
      • Spark examples
        • Portfolio Manager demo using Spark
        • Running the Weather Sensor demo
        • Running the Wikipedia demo with SearchAnalytics
        • Running the Spark MLlib demo application
        • Running the http_receiver demo
        • Using DSE geometric types in Spark
        • Importing a text file into a table
        • Running spark-submit job with internal authentication
      • DSE Spark Connector API documentation
  • DataStax Enterprise 6.8 Documentation
  • Securing
  • Authentication and authorization
  • Configuring authentication and authorization
  • About DSE Unified Authentication

About DSE Unified Authentication

DSE Unified Authentication facilitates connectivity to three primary backend authentication and authorization services. DSE Unified Authentication uses the following services:

  • DSE Authenticator supports validating user identity against any of the following authentication schemes:

    • Internal: Connections provide credentials for a role that has an internally stored password. No additional configuration is required. See Setting up logins and users.

    • LDAP: Connections provide LDAP credentials. DSE passes the credentials for verification to LDAP. See Defining an LDAP scheme.

    • Kerberos: Connections provide a Kerberos ticket. DSE is configured as a Service Principal (see Setting up Kerberos) and passes the tickets to the Key Dsitribution Service (KDS) for verification. See Defining a Kerberos scheme.

    When a connection request specifies an authentication scheme, DSE Authenticator validates the user against the selected scheme first. If no scheme is specified in the connection request or the validation fails, DSE Authenticator will try the default_scheme and then each scheme defined in other_schemes.

    It is possible to authenticate users without implementing access control using the DSE Authenticator; however, authentication is required for authorization and role management.

  • DSE Role Manager assigns roles using one of the following modes:

    • Internal: 1-1 mapping using an internally stored password. Requires a role for each account.

    • LDAP: 1- many mapping. Assigns DSE roles that match the users' LDAP groups.

      For LDAP role management, DSE disables role nesting; you cannot use GRANT to assign a role to another role.

  • DSE Authorizer analyzes the request against the role permissions on each affected resource before allowing the request to be executed.

    Set and remove permissions on database resources with the CQL commands GRANT and REVOKE.

    Enable support for row-level access control, which allow permissions to be granted by filtering on a partition column, by setting authorization_options row_level_access_control to true. See Enabling DSE Unified Authentication and Setting up Row Level Access Control (RLAC).
    Steps for new deployment

    How to enable DSE Unified Authentication on a new deployment.

    Steps for production environments

    Steps for enabling DSE Unified Authentication without downtime when implementing in a production or otherwise existing DataStax Enterprise environment.

Configuring authentication and authorization Steps for new deployment

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage