Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-13985

Support restricting reads and writes to specific datacenters on a per user basis

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Fix Version/s: 4.0
    • Component/s: None
    • Labels:
      None

      Description

      There are a few use cases where it makes sense to restrict the operations a given user can perform in specific data centers. The obvious use case is the production/analytics datacenter configuration. You don’t want the production user to be reading/or writing to the analytics datacenter, and you don’t want the analytics user to be reading from the production datacenter.

      Although we expect users to get this right on that application level, we should also be able to enforce this at the database level. The first approach that comes to mind would be to support an optional DC parameter when granting select and modify permissions to roles. Something like GRANT SELECT ON some_keyspace TO that_user IN DC dc1, statements that omit the dc would implicitly be granting permission to all dcs. However, I’m not married to this approach.

        Attachments

          Activity

            People

            • Assignee:
              bdeggleston Blake Eggleston
              Reporter:
              bdeggleston Blake Eggleston
              Reviewer:
              Sam Tunnicliffe
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: