cassandra-commits mailing list archives

From "Blake Eggleston (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-13985) Support restricting reads and writes to specific datacenters on a per user basis
Date Tue, 05 Dec 2017 23:09:00 GMT


Blake Eggleston commented on CASSANDRA-13985:

Coming back to this, I think that the implicit granting by omission seems like the least bad
option. Basically wildcard by default. I expect the most common use case will be to confine
a user to a single data center. So I’m looking at this from the perspective of making
that easy to achieve.

I don’t think implementing this as a straight up whitelist would work because it creates
a chicken and egg problem of turning on the authz feature and being able to connect to it
and configure it. Also, if you’re only interested in confining a subset of all your users,
it becomes difficult to administer. On the other hand, a black list would add the overhead
of having to go and update each restricted role any time a dc is added. Obviously it’s not
something that happens often, but I don’t think we need to add another detail that needs
to be worried about (and easily overlooked) if we can avoid it.

> Support restricting reads and writes to specific datacenters on a per user basis
> --------------------------------------------------------------------------------
>                 Key: CASSANDRA-13985
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Blake Eggleston
>            Assignee: Blake Eggleston
>            Priority: Minor
>             Fix For: 4.0
> There are a few use cases where it makes sense to restrict the operations a given user
> can perform in specific data centers. The obvious use case is the production/analytics datacenter
> configuration. You don’t want the production user to be reading/or writing to the analytics
> datacenter, and you don’t want the analytics user to be reading from the production datacenter.
> Although we expect users to get this right on that application level, we should also
> be able to enforce this at the database level. The first approach that comes to mind would
> be to support an optional DC parameter when granting select and modify permissions to roles.
> Something like {{GRANT SELECT ON some_keyspace TO that_user IN DC dc1}}, statements that omit
> the dc would implicitly be granting permission to all dcs. However, I’m not married to this

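Added example (not part of the original message and not Cassandra code): a toy Python model of the three semantics weighed in the comment above, showing what an unconfigured role can reach when the feature is switched on and what a restricted role can reach after a datacenter is added. The Role class, the three check functions and the datacenter name new_dc are hypothetical; treating an omitted DC list as "all datacenters" is an assumption taken from the issue description.

```python
# Toy model only; every name here is hypothetical, none is a Cassandra API.
from dataclasses import dataclass
from typing import Optional, Set


@dataclass
class Role:
    name: str
    # None means no datacenter setting was ever stored for this role.
    dcs: Optional[Set[str]] = None


def allowed_wildcard_default(role: Role, dc: str) -> bool:
    """Grant by omission: no setting means every DC, a setting means only those DCs."""
    return role.dcs is None or dc in role.dcs


def allowed_whitelist(role: Role, dc: str) -> bool:
    """Strict whitelist: a role with no setting can use no DC at all."""
    return role.dcs is not None and dc in role.dcs


def allowed_blacklist(role: Role, dc: str) -> bool:
    """Blacklist: role.dcs lists denied DCs, anything unlisted is allowed."""
    return role.dcs is None or dc not in role.dcs


def reachable(check, role: Role, cluster: Set[str]) -> Set[str]:
    """Datacenters in the cluster that the role may use under the given check."""
    return {dc for dc in cluster if check(role, dc)}


def scenario() -> dict:
    cluster = {"production", "analytics"}
    admin = Role("admin")  # constructed: the operator who would configure the feature
    out = {
        # Feature turned on, nothing configured yet.
        "admin_wildcard": reachable(allowed_wildcard_default, admin, cluster),
        "admin_whitelist": reachable(allowed_whitelist, admin, cluster),
    }
    # Restrict the analytics user to one DC, then grow the cluster.
    grown = cluster | {"new_dc"}
    confined = Role("analytics_user", {"analytics"})   # allowed set
    denied = Role("analytics_user", {"production"})    # denied set (blacklist form)
    out["confined_after_add"] = reachable(allowed_wildcard_default, confined, grown)
    out["blacklist_after_add"] = reachable(allowed_blacklist, denied, grown)
    return out
```

Under the strict whitelist the unconfigured admin reaches nothing, and under the blacklist the restricted role silently gains the new datacenter until its deny list is updated.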