I have a DSE 6.8.3 cluster installed by Lifecycle Manager with 2 datacenters: dc1 - Transactional, dc2 - Analytics Solo.
I have configured the security keyspaces replication factors and have executed on all nodes:
nodetool repair --full system_auth
nodetool repair --full dse_security
I have configured 2 auth schemes: internal (default) and ldap.
Role Manager mode is set to "ldap".
system_keyspaces_filtering is set to true.
I have created a role that represents my ldap group "myldapgroup":
CREATE ROLE myldapgroup WITH LOGIN = true;
GRANT EXECUTE on LDAP SCHEME to myldapgroup;
"myldapuser" is a member of "myldapgroup". When I log in via "myldapuser" it has access to all keyspaces.
I mean a situation when I have additional keyspaces:
app1_keyspace1
app1_keyspace2
And myldapuser is able to successfully execute
DROP KEYSPACE app1_keyspace1;
How can I restrict default user access to only the keyspaces that I directly grant access to?