[CASSANDRA-7216] Creating database resources automatically grants creator full permissions - ASF JIRA

Details

Type: Sub-task
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 2.2.0 beta 1
Component/s: Legacy/CQL, Legacy/Distributed Metadata
Labels:
None

Description

I am developing a multi-tenant service.
Every tenant has its own user, keyspace and can access only his keyspace.
As new tenants are provisioned there is a need to create new users and keyspaces.
Only a superuser can issue CREATE USER requests, so we must have a super user account in the system. On the other hand super users have access to all the keyspaces, which poses a security risk.
For tenant provisioning I would like to have a restricted account which can only create new users, without read access to keyspaces.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

7216-POC.txt
19/May/14 21:08
4 kB
Aleksey Yeschenko
7216-8650.txt
03/Feb/15 13:26
21 kB
Sam Tunnicliffe
7216.txt
16/May/14 01:19
19 kB
Dave Brosius

Issue Links

requires

CASSANDRA-8650 Creation and maintenance of roles should not require superuser status

Resolved

Activity

People

Assignee:

Sam Tunnicliffe

Reporter:

Oded Peer

Authors:

Sam Tunnicliffe

Reviewers:

Aleksey Yeschenko

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

13/May/14 05:50

Updated:

16/Apr/19 09:31

Resolved:

13/Feb/15 23:06