-
Type:
Sub-task
-
Status: Resolved
-
Priority:
Low
-
Resolution: Fixed
-
Fix Version/s: 2.2.0 beta 1
-
Component/s: Legacy/CQL, Legacy/Distributed Metadata
-
Labels:None
I am developing a multi-tenant service.
Every tenant has its own user, keyspace and can access only his keyspace.
As new tenants are provisioned there is a need to create new users and keyspaces.
Only a superuser can issue CREATE USER requests, so we must have a super user account in the system. On the other hand super users have access to all the keyspaces, which poses a security risk.
For tenant provisioning I would like to have a restricted account which can only create new users, without read access to keyspaces.
- requires
-
CASSANDRA-8650 Creation and maintenance of roles should not require superuser status
-
- Resolved
-