cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8303) Provide "strict mode" for CQL Queries
Date Mon, 12 Jan 2015 09:37:35 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273438#comment-14273438
] 

Sam Tunnicliffe commented on CASSANDRA-8303:
--------------------------------------------

Agreed, the yaml overrides would be clunky at best so I'm definitely +1 on doing it via authz
exclusively.

Also, location most definitely does not fit into the resource hierarchy, so +1 to Aleksey's
points there.

I'd question whether UNPREPARED_STATEMENTS was really necessary. parsing regular statements
certainly doesn't have anything near the potential impact of ALLOW FILTERING or multipartition
queries, so I'd be tempted to leave that out for version 1 and if it proves to be a genuine
issue we can always consider adding it later.

I've also been thinking about alternatives for syntax. One option could be to attach the restrictions
to the (existing) permission that they affect, rather than simply making new permissions.

{code}
GRANT SELECT ON <resource> TO <user> WITH RESTRICTION ON MULTIPARTITION_QUERY;
GRANT SELECT ON <resource> TO <user> WITH RESTRICTION ON ALLOW_FILTERING;
GRANT SELECT ON <resource> TO <user> WITH RESTRICTION ON INDEX_USAGE;
GRANT ALTER ON <resource> TO <user> WITH RESTRICTION ON INDEX_CREATION;
GRANT MODIFY ON <resource> TO <user> WITH RESTRICTION ON LOGGED_BATCH;
GRANT MODIFY ON <resource> TO <user> WITH RESTRICTION ON UNLOGGED_BATCH;
{code}

Behaviour & syntax for unrestricted GRANTS would remain unchanged & backwards compatible.

FTR, I'm not advocating this syntax yet as the version suggested by Aleksey is certainly more
SQL-ish, but just wanted to put it up for discussion. Adding restrictions as a first class
concept in the language *may* simplify things conceptually and prevent a proliferation of
permissions.

> Provide "strict mode" for CQL Queries
> -------------------------------------
>
>                 Key: CASSANDRA-8303
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Anupam Arora
>             Fix For: 3.0
>
>
> Please provide a "strict mode" option in cassandra that will kick out any CQL queries
that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary
index queries, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message