Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-4490

Improve IAuthority interface by introducing fine-grained access permissions and grant/revoke commands.

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 1.1.6
    • Component/s: None
    • Labels:
      None

      Description

      In order to improve IAuthority interface I propose to add the following new permissions: USE, SELECT, CREATE, ALTER, DROP, UPDATE, DELETE, ALL, NONE. And the following new commands to the CQL 3.0 which would give users possibility (with appropriate implementation) to dynamically change user's rights to access system objects:

      GRANT <permission> ON <resource> TO <user> [WITH GRANT OPTION];
      REVOKE <permission> ON <resource> FROM <user_name>;
      LIST GRANTS FOR <user>; // Not 'SHOW' because it's reserved for cqlsh for commands like 'show cluster'

      where <resource> is Keyspace or ColumnFamily (initially, but extendable to indexes or configration options in the future), and <permission> is listed above.

      To keep the system backward compatible with old authorization interface implementations Permission class would include the mappings of the new to old
      permissions:

      READ -> USE, SELECT
      WRITE -> USE, CREATE, ALTER, DROP, UPDATE, DELETE

        Attachments

        1. 4490-v3.txt
          63 kB
          Yuki Morishita
        2. CASSANDRA-4490.patch
          57 kB
          Pavel Yaskevich
        3. CASSANDRA-4490-v2.patch
          64 kB
          Pavel Yaskevich

          Activity

            People

            • Assignee:
              xedin Pavel Yaskevich
              Reporter:
              xedin Pavel Yaskevich
              Authors:
              Pavel Yaskevich
              Reviewers:
              Yuki Morishita
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: