Return-Path: X-Original-To: apmail-cassandra-commits-archive@www.apache.org Delivered-To: apmail-cassandra-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8A863178D3 for ; Wed, 8 Oct 2014 08:42:35 +0000 (UTC) Received: (qmail 693 invoked by uid 500); 8 Oct 2014 08:42:34 -0000 Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org Received: (qmail 657 invoked by uid 500); 8 Oct 2014 08:42:34 -0000 Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list commits@cassandra.apache.org Received: (qmail 498 invoked by uid 99); 8 Oct 2014 08:42:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Oct 2014 08:42:34 +0000 Date: Wed, 8 Oct 2014 08:42:34 +0000 (UTC) From: "Mike Adamson (JIRA)" To: commits@cassandra.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CASSANDRA-7653) Add role based access control to Cassandra MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CASSANDRA-7653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14163234#comment-14163234 ] Mike Adamson commented on CASSANDRA-7653: ----------------------------------------- I don't see more fine grained authorization as a part of RBAC. RBAC is about grouping permissions not about the granularity of the permissions they are grouping. I would suggest raising another jira for your requirements. > Add role based access control to Cassandra > ------------------------------------------ > > Key: CASSANDRA-7653 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7653 > Project: Cassandra > Issue Type: New Feature > Components: Core > Reporter: Mike Adamson > Assignee: Mike Adamson > Fix For: 3.0 > > Attachments: 7653.patch > > > The current authentication model supports granting permissions to individual users. While this is OK for small or medium organizations wanting to implement authorization, it does not work well in large organizations because of the overhead of having to maintain the permissions for each user. > Introducing roles into the authentication model would allow sets of permissions to be controlled in one place as a role and then the role granted to users. Roles should also be able to be granted to other roles to allow hierarchical sets of permissions to be built up. -- This message was sent by Atlassian JIRA (v6.3.4#6332)