Return-Path: Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: (qmail 77364 invoked from network); 28 Jul 2010 16:59:42 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 28 Jul 2010 16:59:42 -0000 Received: (qmail 64510 invoked by uid 500); 28 Jul 2010 16:59:41 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 64497 invoked by uid 500); 28 Jul 2010 16:59:41 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 64489 invoked by uid 99); 28 Jul 2010 16:59:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Jul 2010 16:59:41 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Jul 2010 16:59:41 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o6SGxLv6018522 for ; Wed, 28 Jul 2010 16:59:21 GMT Message-ID: <32561187.47481280336361410.JavaMail.jira@thor> Date: Wed, 28 Jul 2010 12:59:21 -0400 (EDT) From: "Stu Hood (JIRA)" To: commits@cassandra.apache.org Subject: [jira] Updated: (CASSANDRA-1237) Store AccessLevels externally to IAuthenticator In-Reply-To: <10555271.96441277749849480.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CASSANDRA-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stu Hood updated CASSANDRA-1237: -------------------------------- Attachment: (was: 0006-Apply-access.properties-to-keyspaces-during-an-upgra.patch) > Store AccessLevels externally to IAuthenticator > ----------------------------------------------- > > Key: CASSANDRA-1237 > URL: https://issues.apache.org/jira/browse/CASSANDRA-1237 > Project: Cassandra > Issue Type: Bug > Components: Core > Reporter: Stu Hood > Assignee: Stu Hood > Fix For: 0.7.0 > > Attachments: 0001-Consolidate-KSMetaData-mutations-into-copy-methods.patch, 0002-Thrift-and-Avro-interface-changes.patch, 0003-Add-user-and-group-access-maps-to-Keyspace-metadata.patch, 0004-Remove-AccessLevel-return-value-from-login-and-retur.patch, 0005-Move-per-thread-state-into-a-ClientState-object-1-pe.patch, 0006-Apply-access.properties-to-keyspaces-during-an-upgra.patch, sample-usage.patch, simple-JAASAuthenticator.patch.txt > > > Currently, the concept of authentication (proving the identity of a user) is mixed up with permissions (determining whether a user is able to create/read/write databases). Rather than determining the permissions that a user has, the IAuthenticator should only be capable of authenticating a user, and permissions (specifically, an AccessLevel) should be stored consistently by Cassandra. > The primary goal of this ticket is to separate AccessLevels from IAuthenticators, and to persist a map of User->AccessLevel along with: > * EDIT: Separating the addition of 'global scope' permissions into a separate ticket > * each keyspace, where the AccessLevel continues to have its current meaning > ---- > In separate tickets, we would like to improve the AccessLevel structure so that it can store role/permission bits independently, rather than being level based. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.