[CASSANDRA-4490] Improve IAuthority interface by introducing fine-grained access permissions and grant/revoke commands. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 1.1.6
Component/s: None
Labels:
None

Description

In order to improve IAuthority interface I propose to add the following new permissions: USE, SELECT, CREATE, ALTER, DROP, UPDATE, DELETE, ALL, NONE. And the following new commands to the CQL 3.0 which would give users possibility (with appropriate implementation) to dynamically change user's rights to access system objects:

GRANT <permission> ON <resource> TO <user> [WITH GRANT OPTION];
REVOKE <permission> ON <resource> FROM <user_name>;
LIST GRANTS FOR <user>; // Not 'SHOW' because it's reserved for cqlsh for commands like 'show cluster'

where <resource> is Keyspace or ColumnFamily (initially, but extendable to indexes or configration options in the future), and <permission> is listed above.

To keep the system backward compatible with old authorization interface implementations Permission class would include the mappings of the new to old
permissions:

READ -> USE, SELECT
WRITE -> USE, CREATE, ALTER, DROP, UPDATE, DELETE

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

CASSANDRA-4490.patch
07/Aug/12 10:49
57 kB
Pavel Yaskevich
CASSANDRA-4490-v2.patch
05/Sep/12 22:26
64 kB
Pavel Yaskevich
4490-v3.txt
05/Sep/12 23:28
63 kB
Yuki Morishita

Activity

People

Assignee:

Pavel Yaskevich

Reporter:

Pavel Yaskevich

Authors:

Pavel Yaskevich

Reviewers:

Yuki Morishita

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

04/Aug/12 23:11

Updated:

16/Apr/19 09:32

Resolved:

10/Sep/12 15:31