Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-8303

Create a capability limitation framework

    XMLWordPrintableJSON

Details

    Description

      In addition to our current Auth framework that acts as a white list, and regulates access to data, functions, and roles, it would be beneficial to have a different, capability limitation framework, that would be orthogonal to Auth, and would act as a blacklist.

      Example uses:

      • take away the ability to TRUNCATE from all users but the admin (TRUNCATE itself would still require MODIFY permission)
      • take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop (SELECT would still require SELECT permission)
      • take away the ability to use UNLOGGED BATCH from everyone (the operation itself would still require MODIFY permission)
      • take away the ability to use certain consistency levels (make certain tables LWT-only for all users, for example)

      Original description:
      Please provide a "strict mode" option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc.

      Attachments

        Issue Links

          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-8754 Required consistency level

          • Normal -
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-8082 Consider re-introducing TRUNCATE permission

          • Low -
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-8828 Counter of ALLOW FILTERING queries

          • Low -
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-8957 Move TRUNCATE from MODIFY to DROP permission group

          • Normal -
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-9106 disable secondary indexes by default

          • Normal -
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-11012 Allow tracing CQL of a specific client only, based on IP (range)

          • Low -
          • Resolved
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-6559 cqlsh should warn about ALLOW FILTERING

          • Low -
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-10444 Create an option to forcibly disable tracing

          • Low -
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-9106 disable secondary indexes by default

          • Normal -
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-15775 Configuration to disallow queries with "allow filtering"

          • Normal -
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. CASSANDRA-9282 Warn on unlogged batches

          • Normal -
          • Resolved
          links to

          Web Link Design doc

          Web Link Design Doc (Confluence)

          Activity

            People

              Unassigned Unassigned
              anupamarora Anupam Arora
              Votes:
              10 Vote for this issue
              Watchers:
              39 Start watching this issue

              Dates

                Created:
                Updated: