Details
-
Improvement
-
Status: Resolved
-
Low
-
Resolution: Fixed
-
None
-
None
Description
In order to improve IAuthority interface I propose to add the following new permissions: USE, SELECT, CREATE, ALTER, DROP, UPDATE, DELETE, ALL, NONE. And the following new commands to the CQL 3.0 which would give users possibility (with appropriate implementation) to dynamically change user's rights to access system objects:
GRANT <permission> ON <resource> TO <user> [WITH GRANT OPTION];
REVOKE <permission> ON <resource> FROM <user_name>;
LIST GRANTS FOR <user>; // Not 'SHOW' because it's reserved for cqlsh for commands like 'show cluster'
where <resource> is Keyspace or ColumnFamily (initially, but extendable to indexes or configration options in the future), and <permission> is listed above.
To keep the system backward compatible with old authorization interface implementations Permission class would include the mappings of the new to old
permissions:
READ -> USE, SELECT
WRITE -> USE, CREATE, ALTER, DROP, UPDATE, DELETE