[CASSANDRA-7216] Creating database resources automatically grants creator full permissions - ASF JIRA

Agile Board

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Convert to Issue

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 2.2.0 beta 1
Component/s: Legacy/CQL, Legacy/Distributed Metadata
Labels:
None

Description

I am developing a multi-tenant service.
Every tenant has its own user, keyspace and can access only his keyspace.
As new tenants are provisioned there is a need to create new users and keyspaces.
Only a superuser can issue CREATE USER requests, so we must have a super user account in the system. On the other hand super users have access to all the keyspaces, which poses a security risk.
For tenant provisioning I would like to have a restricted account which can only create new users, without read access to keyspaces.

Attachments

7216.txt
16/May/14 01:19
19 kB
David Brosius
7216-8650.txt
03/Feb/15 13:26
21 kB
Sam Tunnicliffe
7216-POC.txt
19/May/14 21:08
4 kB
Aleksey Yeschenko

Add Link

Issue Links

requires

CASSANDRA-8650 Creation and maintenance of roles should not require superuser status

Resolved

Delete this link

Activity

Comment

$i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users

Cancel

People

Assignee:

Sam Tunnicliffe Assign to me

Reporter:

Oded Peer

Authors:

Sam Tunnicliffe

Reviewers:

Aleksey Yeschenko

Votes:

0 Vote for this issue

Watchers:

7 Start watching this issue

Dates

Created:

13/May/14 05:50

Updated:

16/Apr/19 09:31

Resolved:

13/Feb/15 23:06

Agile

View on Board

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Issue deployment