Creating Cassandra user roles with limited database access

Define and control Pega Platform access to your external database by creating Cassandra user roles with access to a defined set of keyspaces.

Create keyspaces that are necessary to store decision management data and then create user roles with access to the keyspaces.
  1. Create the following keyspaces by running the create keyspace CQL command:
    • adm
    • adm_commitlog
    • aggregation
    • data
    • states
    • vbd
    For example: For a cluster with one data center, run the following command:
    create keyspace data with replication = {'class':'NetworkTopologyStrategy','datacenter1':3};
    create keyspace adm with replication = {'class':'NetworkTopologyStrategy','datacenter1':3};
    create keyspace adm_commitlog with replication = {'class':'NetworkTopologyStrategy','datacenter1':3};
    create keyspace aggregation with replication = {'class':'NetworkTopologyStrategy','datacenter1':3};
    create keyspace states with replication = {'class':'NetworkTopologyStrategy','datacenter1':3};
    create keyspace vbd with replication = {'class':'NetworkTopologyStrategy','datacenter1':3}; 
    
    For more information about the create keyspace CQL command, see the DataStax documentation.
  2. Create a Cassandra user role by running the create role CQL command:
    create role rolename with password = rolepassword and login = true
    For example: 
    create role pegauser with password = passwordxmp and login = true
    For more information about the create role CQL command, see the DataStax documentation.
  3. For each keyspace that you created in 1, grant the following permissions to the user by running the grant CQL command:
    • create
    • alter
    • drop
    • select
    • modify
    For example: For the data keyspace, run the following CQL command:
    grant create on keyspace data to pegauser;
    grant alter on keyspace data to pegauser;
    grant drop on keyspace data to pegauser;
    grant select on keyspace data to pegauser;
    grant modify on keyspace data to pegauser; 
    
    For more information about the grant CQL command, see the DataStax documentation.
What to do next: Configure the connection between Pega Platform and your external Cassandra database. For more information, see Connecting to an external Cassandra database.