Service Users in ScyllaDB Cloud

Service Users in ScyllaDB Cloud¶

About Service Users¶

Service users are system-managed users used by ScyllaDB Cloud internal workflows, automation tools, or ScyllaDB Cloud support engineers to perform operational tasks within the platform. Unlike standard users, which are tied to individuals, service users are designed for specific roles or functions, such as automated backups, monitoring, or workflow execution.

Service users are automatically provisioned, maintained, and monitored by ScyllaDB Cloud to ensure consistent operation, security isolation, and compliance with industry standards. They enable secure, auditable, and role-specific access to system components via Privileged Access Management (PAM), following the principle of least privilege.

Note

Modifying, disabling, or reducing the permissions of service users may impair service operation.

Customers retain full administrative access to all users within their clusters, including system-managed service users. However, ScyllaDB Cloud relies on service users to deliver core platform functionality. ScyllaDB Cloud cannot guarantee proper functionality or support if service users are unavailable or their permissions are restricted.

Security and Compliance Notes¶

All service users are system-managed, and authentication is rotated automatically.
Access tokens, credentials, and permissions are stored and controlled via secure, encrypted vault mechanisms.
Each service user’s activities are fully traced and auditable through ScyllaDB’s centralized logging and monitoring systems.
Operational events involving service users are recorded internally and also may appear in your cluster logs or system events list.
No user or external component can modify or assume these identities.
Service users adhere to least-privilege access principles and assume role-basedaccess control (RBAC).

Service Users Structure¶

Service User	Description
scylla_support	This user is used by ScyllaDB Cloud Support to troubleshoot issues and handle customer-submitted requests. It has access to schema metadata.
scylla_admin	This user is used to resolve complex issues related to the ScyllaDB database or perform recovery operations in emergency situations.
scylla_automation	This user is used by ScyllaDB Cloud.
scylla_workflows	This user is used by ScyllaDB Cloud.
scylla_vector_store	This user is used by the Vector Search service.
scylla_manager	This user is used by ScyllaDB Manager.
scylla_monitor	This user is used by the monitoring stack. It is limited to read-only access on system keyspaces.

Was this page helpful?