Creating Cassandra user roles with limited database access
This content applies only to On-premises and Client-managed cloud environments
Define and control Pega Platform access to your external database by creating Cassandra user roles with access to a defined set of keyspaces.
Create keyspaces that are necessary to store decision
management data, and then create user roles with access to the keyspaces.
What to do next: Configure the connection between Pega Platform and your external Cassandra database. For more information,
see Connecting to an external Cassandra database through the Decision Data Store service.
- Create the following keyspaces by running the
create keyspaceCQL command:admadm_commitlogaggregationdatastatesvbd
Adjust thecreate keyspaceCQL command to your Cassandra cluster settings. For more information about thecreate keyspaceCQL command, see the DataStax documentation. - Create a Cassandra user role by running the
create roleCQL command:create role rolename with password = rolepassword and login = trueFor example: create role pegauser with password = passwordxmp and login = trueFor more information about thecreate roleCQL command, see the DataStax documentation. - For each keyspace that you create in step 1, grant the following permissions to the user by running the
grantCQL command:createalterdropselectmodify
For example: For the datakeyspace, run the following CQL command:grant create on keyspace data to pegauser; grant alter on keyspace data to pegauser; grant drop on keyspace data to pegauser; grant select on keyspace data to pegauser; grant modify on keyspace data to pegauser;For more information about thegrantCQL command, see the DataStax documentation.
Previous topic Creating Cassandra user roles with full database access Next topic Configuring a Cassandra cluster for internal encryption (deprecated)