Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-8394 Cassandra 3.0 Auth changes
  3. CASSANDRA-7216

Creating database resources automatically grants creator full permissions

    XMLWordPrintableJSON

    Details

      Description

      I am developing a multi-tenant service.
      Every tenant has its own user, keyspace and can access only his keyspace.
      As new tenants are provisioned there is a need to create new users and keyspaces.
      Only a superuser can issue CREATE USER requests, so we must have a super user account in the system. On the other hand super users have access to all the keyspaces, which poses a security risk.
      For tenant provisioning I would like to have a restricted account which can only create new users, without read access to keyspaces.

        Attachments

        1. 7216-POC.txt
          4 kB
          Aleksey Yeschenko
        2. 7216-8650.txt
          21 kB
          Sam Tunnicliffe
        3. 7216.txt
          19 kB
          Dave Brosius

          Issue Links

          requires

          Sub-task - The sub-task of the issue CASSANDRA-8650 Creation and maintenance of roles should not require superuser status

          • Normal -
          • Resolved

            Activity

              People

              • Assignee:
                samt Sam Tunnicliffe
                Reporter:
                odpeer Oded Peer
                Authors:
                Sam Tunnicliffe
                Reviewers:
                Aleksey Yeschenko
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: