Creating Cassandra user roles with limited database access

Define and control Pega Platform access to your external database by creating Cassandra user roles with access to a defined set of keyspaces.

Create keyspaces that are necessary to store decision management data, and then create user roles with access to the keyspaces.

Create the following keyspaces by running the create keyspace CQL command:
- adm
- adm_commitlog
- aggregation
- data
- states
- vbd
Adjust the create keyspace CQL command to your Cassandra cluster settings. For more information about the create keyspace CQL command, see the DataStax documentation.
Create a Cassandra user role by running the create role CQL command:
```
create role rolename with password = rolepassword and login = true
```
For example:
```
create role pegauser with password = passwordxmp and login = true
```
For more information about the create role CQL command, see the DataStax documentation.
For each keyspace that you create in step 1, grant the following permissions to the user by running the grant CQL command:
- create
- alter
- drop
- select
- modify
For example: For the data keyspace, run the following CQL command:
```
grant create on keyspace data to pegauser;
grant alter on keyspace data to pegauser;
grant drop on keyspace data to pegauser;
grant select on keyspace data to pegauser;
grant modify on keyspace data to pegauser; 
```
For more information about the grant CQL command, see the DataStax documentation.

What to do next: Configure the connection between Pega Platform and your external Cassandra database. For more information, see Connecting to an external Cassandra database.