Details
-
Improvement
-
Status: Resolved
-
Low
-
Resolution: Fixed
-
None
-
None
Description
There are a few use cases where it makes sense to restrict the operations a given user can perform in specific data centers. The obvious use case is the production/analytics datacenter configuration. You don’t want the production user to be reading/or writing to the analytics datacenter, and you don’t want the analytics user to be reading from the production datacenter.
Although we expect users to get this right on that application level, we should also be able to enforce this at the database level. The first approach that comes to mind would be to support an optional DC parameter when granting select and modify permissions to roles. Something like GRANT SELECT ON some_keyspace TO that_user IN DC dc1, statements that omit the dc would implicitly be granting permission to all dcs. However, I’m not married to this approach.
UPDATE:
The approach taken in this ticket was to setup access for a given user to a set of DC. A user can either login and run queries in a given DC or they can not. The ROLE statements were updated:
CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true AND ACCESS TO DATACENTERS {'DC1', 'DC3'};
CREATE ROLE alice WITH PASSWORD = 'password_a' AND LOGIN = true AND ACCESS TO ALL DATACENTERS;