cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brosius (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CASSANDRA-7216) Restricted superuser account request
Date Thu, 15 May 2014 06:04:29 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13998471#comment-13998471
] 

Dave Brosius edited comment on CASSANDRA-7216 at 5/15/14 6:03 AM:
------------------------------------------------------------------

against trunk

added, 

create user 'foo' with password 'bar' as useradmin;

which allows that user to create other users, but not other naughty superuser type stuffs.


was (Author: dbrosius):
against trunk

added, 

create user 'foo' with password 'bar' as useradmin;

which allows that user to create other users, but not superuser type stuffs.

> Restricted superuser account request
> ------------------------------------
>
>                 Key: CASSANDRA-7216
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7216
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Oded Peer
>            Assignee: Dave Brosius
>            Priority: Minor
>             Fix For: 3.0
>
>         Attachments: 7216.txt
>
>
> I am developing a multi-tenant service.
> Every tenant has its own user, keyspace and can access only his keyspace.
> As new tenants are provisioned there is a need to create new users and keyspaces.
> Only a superuser can issue CREATE USER requests, so we must have a super user account
in the system. On the other hand super users have access to all the keyspaces, which poses
a security risk.
> For tenant provisioning I would like to have a restricted account which can only create
new users, without read access to keyspaces.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message