cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei Deng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8303) Create a capability limitation framework
Date Wed, 17 Jun 2015 18:21:03 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14590255#comment-14590255
] 

Wei Deng commented on CASSANDRA-8303:
-------------------------------------

I'd like to add one more use case here: we need to allow the DBA to restrict the application
code from enabling query tracing. We know tracing is used for debugging query performance
problems and can be very useful in the development stage for the Cassandra application developers
and DBAs. However, if the developer is not careful to turn it off when they roll out the application
code in production, then they might unknowingly incur performance overhead from query tracing.
Sometimes this could be overwhelming and you will start to see a lot of dropped _TRACE messages
in "nodetool tpstats". The DBA needs to have this control to turn off the capability of enabling
query tracing on all tables so that they don't have to worry about something they don't have
control but can negatively impact the C* performance.

> Create a capability limitation framework
> ----------------------------------------
>
>                 Key: CASSANDRA-8303
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Anupam Arora
>            Assignee: Sam Tunnicliffe
>             Fix For: 3.x
>
>
> In addition to our current Auth framework that acts as a white list, and regulates access
to data, functions, and roles, it would be beneficial to have a different, capability limitation
framework, that would be orthogonal to Auth, and would act as a blacklist.
> Example uses:
> - take away the ability to TRUNCATE from all users but the admin (TRUNCATE itself would
still require MODIFY permission)
> - take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop (SELECT
would still require SELECT permission)
> - take away the ability to use UNLOGGED BATCH from everyone (the operation itself would
still require MODIFY permission)
> - take away the ability to use certain consistency levels (make certain tables LWT-only
for all users, for example)
> Original description:
> Please provide a "strict mode" option in cassandra that will kick out any CQL queries
that are expensive, e.g. any query with ALLOWS FILTERING, multi-partition queries, secondary
index queries, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message