Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-8303

Create a capability limitation framework

    XMLWordPrintableJSON

    Details

      Description

      In addition to our current Auth framework that acts as a white list, and regulates access to data, functions, and roles, it would be beneficial to have a different, capability limitation framework, that would be orthogonal to Auth, and would act as a blacklist.

      Example uses:

      • take away the ability to TRUNCATE from all users but the admin (TRUNCATE itself would still require MODIFY permission)
      • take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop (SELECT would still require SELECT permission)
      • take away the ability to use UNLOGGED BATCH from everyone (the operation itself would still require MODIFY permission)
      • take away the ability to use certain consistency levels (make certain tables LWT-only for all users, for example)

      Original description:
      Please provide a "strict mode" option in cassandra that will kick out any CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary index queries, etc.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                anupamarora Anupam Arora
              • Votes:
                11 Vote for this issue
                Watchers:
                36 Start watching this issue

                Dates

                • Created:
                  Updated: