Ash Hopkins

In early March, we introduced serverless Astra DB. Since then, we’ve gotten some valuable feedback from our users, and we’re excited to offer an improved, refined experience for your identity and access management (IAM) needs. Here’s how we’re making it easier to manage custom roles, application tokens, and user access.

<h2>More default roles</h2>

Our mission is to make it as easy as possible to quickly and securely connect to a database—so we’ve added more default roles. Just pick the one that works best for your use case!&nbsp;&nbsp;

For example, you might want to create a token that grants API read-only access for all databases in your organization. Under Organization Settings in the Token Management area, you'll now be able to create a token and assign it the "API Read Only User" role. Selecting this will return the correct set of permissions for that use case.

<img alt="Select role" data-entity-type="file" data-entity-uuid="0dd340d9-3481-432b-b8e4-20f5b47358a8" src="https://www.datastax.com/sites/default/files/inline-images/Select%20Role%20-%20API%20Read%20Only%402x.png" />

<img alt="Organization" data-entity-type="file" data-entity-uuid="e22bbf76-38fd-45b1-abf0-7e1041d6106b" src="https://www.datastax.com/sites/default/files/inline-images/Organization%20-%20Settings%20-%20Token%20Management%20-%20Role%20Selected%402x.png" />

From here, you'll also find a link to our <a href="https://docs.datastax.com/en/astra/docs/user-permissions.html">new and improved documentation</a> that will provide you with more details for each role and permission.

<img alt="Docs" data-entity-type="file" data-entity-uuid="cffbcde3-5118-49e3-8a0a-37cb410bc298" src="https://www.datastax.com/sites/default/files/inline-images/Docs%20-%20Permissions%402x.png" />

<h2>Updated custom role experience</h2>

With custom roles, you can scope permissions for real users and application tokens to the entire organization, specific databases, keyspaces, or tables without using CQL. Quickly get going by creating custom roles within Role Management in your Organization Settings, or with our easy-to-use DevOps API.

<img alt="Custom" data-entity-type="file" data-entity-uuid="d625624d-7c55-467e-a6d0-90de1d09bd14" src="https://www.datastax.com/sites/default/files/inline-images/Custom%20Role%20Panel%402x.png" />

<h2>Application tokens</h2>

Managing application tokens is done at the organization level so you can easily view and manage all tokens in one place. This also enables you to create an application token that can be used to generate databases within your organization.

When an application token is generated, a corresponding client ID and client secret is also generated. For increased security, values for token, client ID, and client secret are all available for copy or download only once, upon generation. These tokens do not automatically expire, but can be destroyed in case they are compromised or no longer needed.

<img alt="token" data-entity-type="file" data-entity-uuid="c63ccb9d-5729-4056-adca-430486adf262" src="https://www.datastax.com/sites/default/files/inline-images/Token%20Generated%20-%20API%20Read%20Only%402x.png" />

Client ID and client secret are used to authenticate against databases created on or after March 4, 2021 (when serverless Astra DB was launched), in lieu of username and password. We moved application tokens under Organization Settings to open up opportunities for more granular control of authorization within each database. For example, one token may be used only for reading a specific database while another token may have authorization to write to the same database. Following principles of least-privileged access increases the security of your database by reducing your exposure.

<img alt="Manage existing tokens" data-entity-type="file" data-entity-uuid="37dd7f16-a4a6-4396-89fb-eff7d8bc2dbe" src="https://www.datastax.com/sites/default/files/inline-images/Manage%20Existing%20Tokens.png" />

<img alt="user management" data-entity-type="file" data-entity-uuid="5e774d2a-9280-4bb1-b8f9-e929e2e3105f" src="https://www.datastax.com/sites/default/files/inline-images/User%20Management%20-%20Role%20Applied.png" />

<h2>Managing roles, tokens, and users with the DevOps API</h2>

You can create and manage custom roles, application tokens, and organization users within Astra itself or the DevOps API. Any roles, tokens, or users created or updated with the DevOps API will also show up in the Astra interface. You get the best of both worlds: the ability to automate authentication and authorization management and the ability to easily audit or make quick changes.

<h2>A secure database in the cloud</h2>

We are continuously evolving Astra at a rapid pace to make it the easiest, and most secure, Database-as-a-Service offering on the market. Keep the feedback coming—and if you’re not an Astra user, we welcome you to <a href="https://auth.cloud.datastax.com/auth/realms/CloudUsers/protocol/openid-connect/registrations?client_id=auth-proxy&amp;response_type=code&amp;scope=openid+profile+email&amp;redirect_uri=https://astra.datastax.com&amp;">use Astra for free</a>.

You Spoke, We Listened—the Updated Astra IAM Experience is Here!

Ash Hopkins

Share

Share

More default roles

Updated custom role experience

Application tokens

Managing roles, tokens, and users with the DevOps API

A secure database in the cloud

More Company

DataStax Acquires Langflow to Accelerate Generative AI Development

The Top 5 DataStax Stories from 2023

2023 Recap: Data = AI

DataStax Astra DB Nabs Three Prestigious 2023 TrustRadius “Best of” Awards, Dominates the Vector Databases Category

One-stop Data API for Production GenAI