DataStax OpsCenter Documentation

Configuring user access

By default, access control is disabled. Any user that knows the OpsCenter URL can view all objects and perform all tasks. To control access, you configure authentication for OpsCenter users by performing these tasks:

  • Add users.
  • Assign passwords.
  • Set access roles using the set_passwd.py utility.

About access roles

OpsCenter provides two access roles: admin and user. Users assigned the admin role can perform these tasks:

  • Create, modify, or drop keyspaces
  • Create, modify, or drop column families
  • Execute flush, cleanup, compact, drain, repair, move, or decommission actions on a node
  • Install an OpsCenter agent on Cassandra nodes

Users assigned the user role can perform all other OpsCenter tasks.

Assigning or modifying access roles

The first time you assign an access role to an administrator or user, OpsCenter generates a password file and enables access control. Authentication is required to access OpsCenter for viewing objects and performing tasks.

To create or modify access roles:

  1. Run the set_passwd.py utility. For example, to create user johndoe with admin role privileges:

    $ python /usr/share/opscenter/bin/set_passwd.py johndoe admin
    
    Please enter a password for 'johndoe'.
    Password:
    
  2. After configuring authentication, restart OpsCenter:

    $ service opscenterd restart
    

    Restarting is required only when you create the first user (because it enables access control). No restart is required for adding, modifying, or removing users.

Removing a user

To remove a user:

  1. Edit the OpsCenter password file:

    • Packaged installs: /etc/opscenter/.passwds
    • Binary installs: <install_dir>/passwds
  2. Delete the line of the user that you want to remove (<username>:<password_hash>:<role>). For example:

    johndoe:5e8848...42d8:admin

    Restarting is not required to remove a user. Restarting is required to delete the password file. Deleting the password file disables access control. If you delete all users, you will not be able to access OpsCenter.