Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D3E2C45B3 for ; Mon, 11 Jul 2011 15:22:20 +0000 (UTC) Received: (qmail 22690 invoked by uid 500); 11 Jul 2011 15:22:18 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 22624 invoked by uid 500); 11 Jul 2011 15:22:17 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 22614 invoked by uid 99); 11 Jul 2011 15:22:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jul 2011 15:22:17 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of mor.yuki@gmail.com designates 209.85.210.172 as permitted sender) Received: from [209.85.210.172] (HELO mail-iy0-f172.google.com) (209.85.210.172) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jul 2011 15:22:12 +0000 Received: by iye7 with SMTP id 7so4602527iye.31 for ; Mon, 11 Jul 2011 08:21:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=5go4oF1WjNQMaTEnvzB8Ng1SCAW92sit1pFoZEvmyZ8=; b=e9M4XoH0lGrKnFFxtG8qnbg15X803Ko7PcZXu+KDdOBPrcIKBu4tfko5vVLpChgrRB RqpXgDB7B1fljJuSLC7bF/OBCdYiI/05Sbf637xLzcBhCZG1E7JLYwp/rqh9ClWg0NnB XwVKgPpTq5Hnl6LFeu44X2/pMNXwO+Pp71dPk= MIME-Version: 1.0 Received: by 10.43.46.196 with SMTP id up4mr4416809icb.344.1310397711659; Mon, 11 Jul 2011 08:21:51 -0700 (PDT) Received: by 10.43.48.70 with HTTP; Mon, 11 Jul 2011 08:21:51 -0700 (PDT) In-Reply-To: References: Date: Tue, 12 Jul 2011 00:21:51 +0900 Message-ID: Subject: Re: Limit what nodes are writeable From: Yuki Morishita To: user@cassandra.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable I never used the feature, but there is the way to control access based on user name. Configuring both conf/passwd.properties and conf/access.properties, then modify cassandra.yaml as follows. # authentication backend, implementing IAuthenticator; used to identify use= rs authenticator: org.apache.cassandra.auth.SimpleAuthenticator # authorization backend, implementing IAuthority; used to limit access/provide permissions authority: org.apache.cassandra.auth.SimpleAuthority 2011/7/11 Maki Watanabe : > Cassandra has authentication interface, but doesn't have authorization. > So you need to implement authorization in your application layer. > > maki > > > 2011/7/11 David McNelis : >> I've been looking in the documentation and haven't found anything about >> this... =C2=A0but is there support for making a node =C2=A0read-only? >> For example, you have a cluster set up in two different data centers / r= acks >> / whatever, with your replication strategy set up so that the data is >> redundant between the two places. =C2=A0In one of the places all of the = incoming >> data will be =C2=A0processed and inserted into your cluster. =C2=A0In th= e other data >> center you plan to allow people to run analytics, but you want to restri= ct >> the permissions so that the people running=C2=A0analytics=C2=A0can conne= ct to >> Cassandra in whatever way makes the most sense for them, but you don't w= ant >> those people to be able to edit/update data. >> Is it currently possible to configure your cluster in this manner? =C2= =A0Or would >> it only be possible through a third-party solution like wrapping one of = the >> access libraries in a way that does not support write operations. >> >> -- >> David McNelis >> Lead Software Engineer >> Agentis Energy >> www.agentisenergy.com >> o: 630.359.6395 >> c: 219.384.5143 >> A Smart Grid technology company focused on helping consumers of energy >> control an often under-managed resource. >> >> > > > > -- > w3m > --=20 Yuki Morishita =C2=A0t:yukim (http://twitter.com/yukim)