cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Adamson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-7653) Add role based access control to Cassandra
Date Tue, 06 Jan 2015 14:49:35 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14266182#comment-14266182
] 

Mike Adamson commented on CASSANDRA-7653:
-----------------------------------------

I have a couple of initial thoughts on this. 
# Is the IAuthenticator.constructInitialSaslToken method really necessary? The only usage
of this is from login methods that are only going to use the plain text sasl implementation
offered by the PasswordAuthenticator so they could build the initial token themselves.
# Is there any way of not having the Option enum? This fixes the options that an Authenticator
can support and doesn't allow any 3rd party to have different options but still work with
the CQL grammar. Could we have some similar to the replication strategies? Or perhaps keep
the Option enum but have an option of EXTENSION (or other name) that would allow the passing
in of a json set of extension options.

> Add role based access control to Cassandra
> ------------------------------------------
>
>                 Key: CASSANDRA-7653
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7653
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Mike Adamson
>            Assignee: Sam Tunnicliffe
>             Fix For: 3.0
>
>         Attachments: 7653.patch, CQLSmokeTest.java, cql_smoke_test.py
>
>
> The current authentication model supports granting permissions to individual users. While
this is OK for small or medium organizations wanting to implement authorization, it does not
work well in large organizations because of the overhead of having to maintain the permissions
for each user.
> Introducing roles into the authentication model would allow sets of permissions to be
controlled in one place as a role and then the role granted to users. Roles should also be
able to be granted to other roles to allow hierarchical sets of permissions to be built up.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message