Access control | Tarantool

Access control

Enterprise Edition

Tarantool Cluster Manager is a part of the Enterprise Edition.

Tarantool Cluster Manager features a role-based access control system. It enables flexible management of access to TCM functions, connected clusters, and stored data. The TCM access system uses three main entities: permissions, roles, and users (or user accounts). They work as follows:

  • Permissions correspond to specific functions or objects in TCM (administrative permissions) or operations on clusters (cluster permissions).
  • Roles are predefined sets of administrative permissions to assign to users.
  • Users have roles that define their access rights to TCM functions and objects, and cluster permissions that are assigned for each cluster separately.


TCM users, roles, and permissions are not to be confused with similar subjects of the Tarantool access control system. To access Tarantool instances directly, Tarantool users with corresponding roles are required.

Permissions define access to specific actions that users can do in TCM. For example, there are permissions to view connected clusters or to manage users.

There are two types of permissions in TCM: administrative and cluster permissions.

  • Administrative permissions provide access to TCM functions. They define which pages and controls are available to users in the web UI. Typically, read permissions define pages shown in the left menu. Write permissions define the availability of controls for managing objects on the pages. For example, users with read permission to clusters can view the Clusters page but they don’t see Add, Edit, or Remove buttons unless they have the write permission.

    Administrative permissions are assigned to users through roles.

  • Cluster permissions enable actions with connected Tarantool clusters. These permissions are granted to users on a per-cluster level: each user has a separate set of permissions for each cluster.

    Cluster permissions define which pages of the Cluster menu section users see and what actions they can take on these pages. For example, users with the read configuration permission to a cluster configuration see the Configuration page when this cluster is selected.

    Cluster permissions are assigned to users individually when creating or editing them.

Permissions are predefined in TCM, there is no way to change, add, or delete them. The complete lists of administrative and cluster permissions in TCM are provided in the Permissions reference.

Roles are groups of administrative permissions that are assigned to users together.

The assigned roles define pages that users see in TCM and actions available on these pages.


Roles don’t include cluster permissions. Access to connected clusters is configured for each user individually.

TCM comes with default roles that cover three common usage scenarios:

  • Super Admin Role is a default role with all available administrative permissions. Additionally, the users with this role automatically gain all cluster permissions to all clusters.
  • Cluster Admin Role is a default role for cluster administration. It includes administrative permissions for cluster management.
  • Default User Role is a default role for working with clusters. It includes basic administrative read permissions that are required to log in to TCM and navigate to a cluster.

Administrators can create new roles, edit, and delete existing ones.

Roles are listed on the Roles page.

To create a new role, click Add, enter the role name, and select the permissions to include in the role.

To edit an existing role, click Edit in the Actions menu of the corresponding table row.

To delete a role, click Delete in the Actions menu of the corresponding table row.


You can delete a role only if there are no users with this role.

TCM users gain access to objects and actions through assigned roles and cluster permissions.

A user can have any number of roles or none of them. Users without roles have access only to clusters that are assigned to them.

TCM uses password authentication for users. For information on password management, see the Passwords section below.

There is one default user Default Admin. It has all the available permissions, both administrative and cluster ones. When new clusters are added in TCM, Default Admin automatically receives all cluster permissions for them as well.

Administrators can create new users, edit, and delete existing ones.

The tools for managing users are located on the Users page.

To create a user:

  1. Click Add.
  2. Fill in the user information: username, full name, and description.
  3. Generate or type in a password.
  4. Select roles to assign to the user.
  5. Add clusters to give the user access to, and select cluster permissions for each of them.

To edit a user, click Edit in the Actions menu of the corresponding table row.

To delete a user, click Delete in the Actions menu of the corresponding table row.

TCM uses the general term secret for user authentication keys. A secret is any pair of a public and a private key that can be used for authentication. In TCM 1.0.0, password is the only supported secret type. In this case, the public key is a username, and the private key is a password.

Users receive their first passwords during their account creation.

All passwords are governed by the password policy. It can be flexibly configured to follow the security requirements of your organization.

To change your own password, click your name in the top-right corner and go to Settings > Change password.

Administrators can manage a user’s password on this user’s Secrets page. To open it, click Secrets in the Actions menu of the corresponding Users table row.

To change a user’s password, click Edit in the Actions menu of the corresponding Secrets table row and enter the new password in the New secret key field.

Passwords expire automatically after the expiration period defined in the password policy. When a user logs in to TCM with an expired password, the only action available to them is a password change. All other TCM functions and objects are unavailable until the new password is set.

Administrators can also set users’ passwords to expired manually. To set a user’s password to expired, click Expire in the Actions menu of the corresponding Secrets table row.


Password expiration can’t be reverted.

To forbid users’ access to TCM, administrators can temporarily block their passwords. A blocked password can’t be used to log into TCM until it’s unblocked manually or the blocking period expires.

To block a user’s password, click Block in the Actions menu of the corresponding Secrets table row. Then provide a blocking reason and enter the blocking period.

To unblock a blocked password, click Unblock in the Actions menu of the corresponding Secrets table row.

Password policy helps improve security and comply with security requirements that can apply to your organization.

You can edit the TCM password policy on the Password policy page. There are the following password policy settings:

  • Minimal password length.
  • Do not use last N passwords.
  • Password expiration in days. Users’ passwords expire after this number of days since they were set. Users with expired passwords lose access to any objects and functions except password change until they set a new password.
  • Password expiration warning in days. After this number of days, the user sees a warning that their password expires soon.
  • Block after N login attempts. Temporarily block users if they enter their username or password incorrectly this number of times consecutively.
  • User lockout time in seconds. The time interval for which users can’t log in after spending all failed login attempts.
  • Password must include. Characters and symbols that must be present in passwords:
    • Lowercase characters (a-z)
    • Uppercase characters (A-Z)
    • Digits (0-9)
    • Symbols (such as !@#$%^&*()_+№”’:,.;=][{}`?>/.)

Administrators can view and revoke user sessions in TCM. All active sessions are listed on the Sessions page. To revoke a session, click Revoke in the Actions menu of the corresponding table row.

To revoke all sessions of a user, go to Users and click Revoke all sessions in the Actions menu of the corresponding table row.

The following administrative permissions are available in TCM:

Permission Description View connected clusters’ details
admin.clusters.write Edit cluster details and add new clusters View users’ details
admin.users.write Edit user details and add new users View roles’ details
admin.roles.write Edit roles and add new roles View add-ons
admin.addons.write Edit add-on flags
admin.addons.upload Upload new add-ons View audit log configuration and read audit log in TCM
admin.auditlog.write Edit audit log configuration View users’ sessions
admin.sessions.write Revoke users’ sessions View LDAP configurations
admin.ldap.write Manage LDAP configurations View password policy
admin.passwordpolicy.write Manage password policy
admin.devmode.toggle Toggle development mode View information about users’ secrets
admin.secrets.write Manage users’ secrets: add, edit, expire, block, delete
user.password.change User’s permission to change their own password Read low-level information from TCM storage (for debug purposes)
admin.lowlevel.state.write Write low-level information to TCM storage (for debug purposes)

The following cluster permissions are available in TCM:

Permission Description View cluster configuration
cluster.config.write Manage cluster configuration View cluster stateboard Read data from cluster instances
cluster.explorer.write Write data to cluster instances Execute stored functions on cluster instances
cluster.explorer.eval Execute code on cluster instances Read cluster data schema Modify cluster data schema Read low-level information about cluster configuration (for debug purposes)
cluster.lowlevel.state.write Write low-level information about cluster configuration (for debug purposes)
Found what you were looking for?