DataStax OpsCenter Documentation

Configuring user access

By default, access control is disabled. Any user that knows the OpsCenter URL can view all objects and perform all tasks. To control access, you configure authentication for OpsCenter users by performing these tasks:

  • Add users.
  • Assign passwords.
  • Set access roles using the set_passwd.py utility.

About access roles

OpsCenter provides two access roles: admin and user.

Admin role privileges

Users assigned the admin role can view all objects and perform all tasks. The following are tasks which may only be performed by an admin:

  • Alerts
    • add
    • delete
    • modify
  • Cluster operations
    • add nodes to a cluster
    • configure the cluster (all at once rather than a single node at a time)
    • rebalance
    • restart the cluster
  • Column families
    • add column metadata
    • create
    • delete column metadata
    • delete index
    • drop
    • truncate
    • modify
  • Keyspaces
    • create
    • drop
    • modify
  • Node
    • cleanup
    • compact
    • configure
    • decommission
    • drain
    • flush
    • move
    • perform garbage collection
    • repair
    • restart
    • start
    • stop
  • Install the OpsCenter agent on Cassandra nodes
  • OpsCenter configuration
    • add an existing cluster to OpsCenter
    • delete a cluster from OpsCenter
    • edit the config for a cluster OpsCenter is monitoring
  • Provisioning
    • add nodes to an existing cluster
    • provision a new cluster (local or EC2)
  • Run a one-off backup
  • Run a restore of a backup
  • Scheduled backups
    • add
    • delete
    • modify

User role privileges

Users assigned the user role can perform all other OpsCenter tasks.

Assigning or modifying access roles

The first time you assign an access role to an administrator or user, OpsCenter generates a password file and enables access control. Authentication is required to access OpsCenter for viewing objects and performing tasks.

To create or modify access roles:

  1. Run the set_passwd.py utility. For example, to create user johndoe with admin role privileges:

    $ python /usr/share/opscenter/bin/set_passwd.py johndoe admin
    
    Please enter a password for 'johndoe'.
    Password:
    
  2. After configuring authentication, restart OpsCenter:

    $ service opscenterd restart
    

    Restarting is required only when you create the first user (because it enables access control). No restart is required for adding, modifying, or removing users.

Removing a user

To remove a user:

  1. Edit the OpsCenter password file:

    • Packaged installs: /etc/opscenter/.passwds
    • Binary installs: <install_dir>/passwds
  2. Delete the line of the user that you want to remove (<username>:<password_hash>:<role>). For example:

    johndoe:5e8848...42d8:admin

    Restarting is not required to remove a user. Restarting is required to delete the password file. Deleting the password file disables access control. If you delete all users, you will not be able to access OpsCenter.