Authentication scheme resources
Syntax for authorizing roles for an authentication scheme.
dse.yaml
The location of the dse.yaml file depends on the type of installation:

Installation type | Location |
---|---|
Package installations | /etc/dse/dse.yaml |
Tarball installations | installation_location/resources/dse/conf/dse.yaml |
When using multiple authentication schemes, users and groups can overlap: for example, an internal login role admin and an LDAP group admin. You can bind each role to an authentication scheme, which prevents roles from being assigned to the wrong users.
Schemes hierarchy:


Synopsis
- ALL AUTHENTICATION SCHEMES

  Allows the role to be assigned to users who authenticated against any scheme.

      GRANT EXECUTE ON ALL AUTHENTICATION SCHEMES TO role_name;

- LDAP SCHEME | KERBEROS SCHEME | INTERNAL SCHEME

  Assigns the role to a user only if they authenticated against the specified scheme:

      GRANT EXECUTE ON (LDAP SCHEME | KERBEROS SCHEME | INTERNAL SCHEME) TO role_name;
Permission matrix
Permission | Resource | Description |
---|---|---|
EXECUTE | ALL AUTHENTICATION SCHEMES | Assign role to user from any scheme. |
EXECUTE | LDAP SCHEME | Assign role to only LDAP users. |
EXECUTE | KERBEROS SCHEME | Assign role to only Kerberos principals. |
EXECUTE | INTERNAL SCHEME | Assign role to only internally authenticated login roles. |
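
The admin overlap described above, worked through in CQL as an added example (not taken from the DataStax documentation). The role names, the keyspace app and the password placeholder are hypothetical.

```cql
-- Constructed scenario: an internal login role and an LDAP group are both
-- named "admin". Role names, keyspace "app" and the password are placeholders.

-- Internal login role used for cluster administration.
CREATE ROLE admin WITH LOGIN = true AND PASSWORD = '<placeholder-password>';

-- Bind the role to the internal scheme only. A user who authenticated through
-- LDAP and belongs to an LDAP group called "admin" is not assigned this role.
GRANT EXECUTE ON INTERNAL SCHEME TO admin;

-- Role intended only for users who authenticated against LDAP.
CREATE ROLE ldap_readers;
GRANT EXECUTE ON LDAP SCHEME TO ldap_readers;
GRANT SELECT ON KEYSPACE app TO ldap_readers;

-- If a role that should be scheme-specific was earlier granted the broad
-- resource, remove that grant so only the scheme-specific one remains.
REVOKE EXECUTE ON ALL AUTHENTICATION SCHEMES FROM admin;

-- Review step: list what each role holds and check that privileged roles
-- show EXECUTE on a single scheme, not on ALL AUTHENTICATION SCHEMES.
LIST ALL PERMISSIONS OF admin;
LIST ALL PERMISSIONS OF ldap_readers;
```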