cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8303) Provide "strict mode" for CQL Queries
Date Sat, 10 Jan 2015 00:27:35 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14272145#comment-14272145
] 

Aleksey Yeschenko commented on CASSANDRA-8303:
----------------------------------------------

After some thinking, I'm with Sylvain on this: the least bad way to implement this is via
authz alone.

Also, any permissions we add must fit the hierarchy. That means no per-DC permissions - there
is no place for DCs in resource hierarchy. Use different users with different roles if you
need to - a separate role for Spark that can do whatever it wants, with a user that only operates
on the analytics DC should solve the issue.

SELECT and MODIFY would have to be split into more granular permissions for this whole thing
to make any coherent sense. For example (just an example, please don't debate naming, or the
set itself), for SELECT:
- GRANT INDEXING ON .. TO ..
- GRANT FILTERING ON .. TO ..
- GRANT SINGLE PARTITION SELECT ON .. TO ..
- GRANT MULTI PARTITION SELECT ON .. TO ..

SELECT itself would become an alias, just like ALL is currently. GRANT SELECT would grant
those 4 permissions under the hood.

Similar stuff with MODIFY.

If you agree in principle, then we should start debating granularity and naming, because converting
these (SELECT and MODIFY into actual permissions) would have to be done on 2.1-3.0 upgrade
step of CASSANDRA-7653, and 3.0 is coming up soon.





> Provide "strict mode" for CQL Queries
> -------------------------------------
>
>                 Key: CASSANDRA-8303
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Anupam Arora
>             Fix For: 3.0
>
>
> Please provide a "strict mode" option in cassandra that will kick out any CQL queries
that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary
index queries, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message