About Role Based Access Control
Role-based access control (RBAC) is available only after completing Enabling DSE Unified Authentication.
A role is a database resource to which privileges are assigned that manage access to other database resources.
The DataStax Enterprise (DSE) Role Manager mode controls how a role is assigned to an authenticated user.
internal - Each user has a
loginrole. When the authentication method is external the user name is matched to a role name and the role must have
DSE supports nested roles which allows permission to be managed as sets. Use the
GRANT <role_name> TO <role_name>command to assign one role to another as a permission set.
ldap - Looks up the authenticated user’s LDAP group membership. Users are assigned all the roles that match an LDAP group name. At least one matching role must have login set to
true. DSE roles automatically change as LDAP group membership changes.
DSE does not support nesting roles with the Role Management mode LDAP.