Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-4490

Improve IAuthority interface by introducing fine-grained access permissions and grant/revoke commands.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Low
    • Resolution: Fixed
    • 1.1.6
    • None
    • None

    Description

      In order to improve IAuthority interface I propose to add the following new permissions: USE, SELECT, CREATE, ALTER, DROP, UPDATE, DELETE, ALL, NONE. And the following new commands to the CQL 3.0 which would give users possibility (with appropriate implementation) to dynamically change user's rights to access system objects:

      GRANT <permission> ON <resource> TO <user> [WITH GRANT OPTION];
      REVOKE <permission> ON <resource> FROM <user_name>;
      LIST GRANTS FOR <user>; // Not 'SHOW' because it's reserved for cqlsh for commands like 'show cluster'

      where <resource> is Keyspace or ColumnFamily (initially, but extendable to indexes or configration options in the future), and <permission> is listed above.

      To keep the system backward compatible with old authorization interface implementations Permission class would include the mappings of the new to old
      permissions:

      READ -> USE, SELECT
      WRITE -> USE, CREATE, ALTER, DROP, UPDATE, DELETE

      Attachments

        1. CASSANDRA-4490.patch
          57 kB
          Pavel Yaskevich
        2. CASSANDRA-4490-v2.patch
          64 kB
          Pavel Yaskevich
        3. 4490-v3.txt
          63 kB
          Yuki Morishita

        Activity

          People

            xedin Pavel Yaskevich
            xedin Pavel Yaskevich
            Pavel Yaskevich
            Yuki Morishita
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: