About Role Based Access Control

Define roles and configure permissions to control access to database resources for authenticated users.

Role-based access control (RBAC) is available only after completing Enabling DSE Unified Authentication.

A role is a database resource to which privileges to access other database resources are assigned.

Understanding Role assignment

The DataStax Enterprise (DSE) Role Manager controls how a role is assigned to an authenticated user.
  • internal - Each user has a login role. When the authentication method is external, the user name is matched to a role name, and that role must have login set to true.

    DSE supports nested roles, which allow permissions to be managed as sets. Use the GRANT role_name TO role_name command to assign one role to another as a permission set.

  • ldap - Looks up the authenticated user's LDAP group membership. Users are assigned all the roles that match an LDAP group name. At least one matching role must have login set to true. DSE roles automatically change as LDAP group membership changes.
    Note: DSE does not support nested roles when the role management mode is ldap.
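
The two assignment modes described above, as an added CQL example that is not taken from the DataStax documentation. The keyspace sales and the role names sales_read, sales_write, jane and analysts are constructed for illustration; the two parts apply to different role management modes and would not be run on the same cluster.

```cql
-- Added example. Keyspace "sales" and all role names are constructed.

-- ---- Role management mode: internal ----
-- Permission-set roles: login is false, so nobody can authenticate as
-- them; they only carry privileges.
CREATE ROLE IF NOT EXISTS sales_read WITH LOGIN = false;
GRANT SELECT ON KEYSPACE sales TO sales_read;

CREATE ROLE IF NOT EXISTS sales_write WITH LOGIN = false;
GRANT MODIFY ON KEYSPACE sales TO sales_write;

-- Nesting: sales_write now also carries everything in sales_read.
GRANT sales_read TO sales_write;

-- Login role. With an external authentication method the role name
-- must equal the authenticated user name and login must be true.
CREATE ROLE IF NOT EXISTS jane WITH LOGIN = true;
GRANT sales_write TO jane;

-- Review the result: the roles jane holds (direct and inherited) and
-- the permissions they add up to.
LIST ROLES OF jane;
LIST ALL PERMISSIONS OF jane;

-- ---- Role management mode: ldap ----
-- The role name must equal the LDAP group name. No per-user role is
-- created, and at least one matching role needs login set to true.
CREATE ROLE IF NOT EXISTS analysts WITH LOGIN = true;

-- Nested roles are not supported in this mode, so privileges are
-- granted to the group-named role directly rather than through
-- GRANT role_name TO role_name.
GRANT SELECT ON KEYSPACE sales TO analysts;
LIST ALL PERMISSIONS OF analysts;
```

Because DSE roles follow LDAP group membership in ldap mode, removing a user from the analysts group in the directory removes the role without any CQL change, so the directory's group administration becomes part of the database's access-control boundary.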