ScyllaDB Docs ScyllaDB Manual ScyllaDB for Administrators Security Creating a Superuser

Caution

You're viewing documentation for an unstable version of ScyllaDB Manual. Switch to the latest stable version.

Creating a Superuser¶

There is no default superuser role in ScyllaDB. Users with a superuser role have full access to the database and can run any CQL command on the database resources.

There are two ways you can create a superuser in ScyllaDB:

Using the ScyllaDB Maintenance Socket to create a superuser role
Using an existing superuser account to create a new superuser role

When setting up a new cluster, use the maintenance socket approach to create the first superuser.

Setting Up a Superuser Using the Maintenance Socket¶

If no superuser account exists in the cluster, which is the case for new clusters, you can create a superuser using the ScyllaDB Maintenance Socket. In order to do that, the node must have the maintenance socket enabled. See Admin Tools: Maintenance Socket.

To create a superuser using the maintenance socket, you should:

Connect to the node using cqlsh over the maintenance socket.

cqlsh <maintenance_socket_path>

Replace <maintenance_socket_path> with the socket path configured in scylla.yaml.

Create new superuser role using CREATE ROLE command.

CREATE ROLE <new_superuser>  WITH SUPERUSER = true AND LOGIN = true and PASSWORD = '<new_superuser_password>';

Verify that you can log in to your node using cqlsh command with the new password.

cqlsh -u <new_superuser>
Password:

Note

Enter the value of <new_superuser_password> password when prompted. The input is not displayed.

Show all the roles to verify that the new superuser was created:

LIST ROLES;

Setting Up a Superuser Using an Existing Superuser Account¶

To create a superuser using an existing superuser account, you should:

cqlsh -u <existing_superuser>
Password:

Note

Enter the value of <existing_superuser_password> password when prompted. The input is not displayed.

Create a new superuser.

CREATE ROLE <new_superuser>  WITH SUPERUSER = true AND LOGIN = true and PASSWORD = '<new_superuser_password>';

Verify that you can log in to your node using cqlsh command with the new password.

cqlsh -u <new_superuser>
Password:

Note

Enter the value of <new_superuser_password> password when prompted. The input is not displayed.

Show all the roles to verify that the new superuser was created:

LIST ROLES;

Was this page helpful?