Managing cluster users and roles
Enterprise Edition
Tarantool Cluster Manager is a part of the Enterprise Edition.
Tarantool Cluster Manager provides a visual interface for managing Tarantool users and roles on connected clusters.
Note
This page describes management of Tarantool users and roles on instances of connected clusters. To learn how to manage TCM users, see Access control.
The Tarantool access model defines user access to entities inside a single instance. Thus, to create or alter a cluster-wide user or role, you need to do this on all cluster instances. In replication clusters, changes to the access model are possible only on read-write instances (replica set leaders). Changes made on a leader instance are propagated to all instances of its replica set automatically.
Operations on the cluster access model are possible only if the user that TCM uses to connect to the cluster has the privileges to manage users and roles.
You can also manage Tarantool users and roles from TCM using the Lua API as described in Access control. To do this, connect to instance consoles from the Terminal tab of the instance page.
The tools for managing cluster users are located on the Users tab of the instance page.
Important
To keep the access model consistent across the cluster, repeat all user management operations on all read-write instances of the cluster.
To create a user on a cluster:
- Go to Stateboard.
- Find a replica set leader in the instances list and click it to open the instance page.
- Go to the Users tab and click Add user.
To edit or delete a user, click the Edit or Delete button against the username in the Users table.
To edit a user’s privileges:
- Click the lock icon against the username in the Users table.
- In the privileges dialog:
  - Click Add to grant privileges.
  - Click Revoke (the trash bin icon) to revoke a privilege.
The tools for managing cluster roles are located on the Users tab of the instance page.
Important
To keep the access model consistent across the cluster, repeat all role management operations on all read-write instances of the cluster.
To create a role on a cluster:
- Go to Stateboard.
- Find a replica set leader in the instances list and click it to open the instance page.
- Go to the Users tab and click Add role.
To delete a role, click the Delete button against the role name in the Roles table.
To edit a role’s privileges:
- Click the lock icon against the role name in the Roles table.
- In the privileges dialog:
  - Click Add to grant privileges.
  - Click Revoke (the trash bin icon) to revoke a privilege.
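The same user and role setup can be done through the Lua API from the Terminal tab of a replica set leader. The script below is an added example, not part of the original page: the role `orders_reader`, the user `report_svc`, the space `orders` and the password placeholder are hypothetical, and the script assumes the connected user has the privileges to manage users and roles.

```lua
-- Added example: run in the instance console of every replica set leader.
-- Wrapped in do ... end so the console evaluates it as a single chunk
-- and the local variables stay in scope.
do
    -- Hypothetical names; replace with your own.
    local ROLE, USER, SPACE = 'orders_reader', 'report_svc', 'orders'

    local function apply_access_model(password)
        -- Access model changes are possible only on read-write instances.
        if box.info.ro then
            return nil, 'instance is read-only; run this on the replica set leader'
        end
        if box.space[SPACE] == nil then
            return nil, 'space ' .. SPACE .. ' does not exist on this instance'
        end

        -- if_not_exists makes every call safe to repeat on each leader.
        box.schema.role.create(ROLE, { if_not_exists = true })
        box.schema.role.grant(ROLE, 'read', 'space', SPACE, { if_not_exists = true })

        box.schema.user.create(USER, { password = password, if_not_exists = true })
        -- Grant the role instead of direct privileges, so that revoking a
        -- privilege from the role affects every user that holds it.
        box.schema.user.grant(USER, 'execute', 'role', ROLE, { if_not_exists = true })

        -- Effective privileges of the user, for review.
        return box.schema.user.info(USER)
    end

    -- Placeholder: supply the real password from your secret store.
    local privileges, err = apply_access_model('<password>')
    if err then
        print(err)
    else
        for _, p in ipairs(privileges) do
            print(p[1], p[2], p[3]) -- privileges, object type, object name
        end
    end
end
```

Comparing the printed privilege list across leaders shows whether the access model is the same on every replica set.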