Return-Path: X-Original-To: apmail-cassandra-dev-archive@www.apache.org Delivered-To: apmail-cassandra-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8304E9C90 for ; Wed, 1 Feb 2012 19:53:19 +0000 (UTC) Received: (qmail 20319 invoked by uid 500); 1 Feb 2012 19:53:13 -0000 Delivered-To: apmail-cassandra-dev-archive@cassandra.apache.org Received: (qmail 19399 invoked by uid 500); 1 Feb 2012 19:53:12 -0000 Mailing-List: contact dev-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cassandra.apache.org Delivered-To: mailing list dev@cassandra.apache.org Received: (qmail 19129 invoked by uid 99); 1 Feb 2012 19:53:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Feb 2012 19:53:11 +0000 X-ASF-Spam-Status: No, hits=2.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of subrahmanyaharve@gmail.com designates 209.85.216.172 as permitted sender) Received: from [209.85.216.172] (HELO mail-qy0-f172.google.com) (209.85.216.172) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Feb 2012 19:53:05 +0000 Received: by qcsg13 with SMTP id g13so1070163qcs.31 for ; Wed, 01 Feb 2012 11:52:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=GW4SOPTwiEejG63NYQ9vMJR/mQ6e6nxCxBmRIKNhNG4=; b=C5kdI9ok+FAlAqsys8IMhUQ3sYSGn/I1NCbcU+TZsuri/YJp/sQ50SbA6DhQhERTjs GG6WxuKi/D1+QLIZKIGTg0AD+d2nqkJkDMR34oVcCZP828Cd6ndhbYDoNONI+HS9Q/kd cvwAOZ1RNXE1BWunbvtOh1XgC0KfX78GSyjtk= MIME-Version: 1.0 Received: by 10.224.108.202 with SMTP id g10mr341922qap.24.1328125964825; Wed, 01 Feb 2012 11:52:44 -0800 (PST) Received: by 10.229.14.143 with HTTP; Wed, 1 Feb 2012 11:52:44 -0800 (PST) Date: Wed, 1 Feb 2012 11:52:44 -0800 Message-ID: Subject: Queries on AuthN and AuthZ for multi tenant Cassandra From: Subrahmanya Harve To: user@cassandra.apache.org, dev@cassandra.apache.org Content-Type: multipart/alternative; boundary=20cf3074b2fe59b51b04b7ec6c36 X-Virus-Checked: Checked by ClamAV on apache.org --20cf3074b2fe59b51b04b7ec6c36 Content-Type: text/plain; charset=ISO-8859-1 We are using Cassandra 0.8.7 and building a multi-tenant cassandra platform where we have a common KS and common CFs for all tenants. By using Hector's virtual keyspaces, we are able to add modify rowkeys to have a tenant specific id. (Note that we do not allow tenants to modify/create KS/CF. We just allow tenants to write and read data) However we are in the process of adding authentication and authorization on top of this platform such that no tenant should be able to retrieve data belonging to any other tenant. By configuring Cassandra for security using the documentation here - http://www.datastax.com/docs/0.8/configuration/authentication , we were able to apply the security constraints on the common keyspace and common CFs. However this does not prevent a tenant from retrieving data belonging to another tenant. For this to happen, we would need to have separate CFs and/or keyspaces for each tenant. Looking for more information on the topic here http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/Re-Multi-tenancy-and-authentication-and-authorization-td5935230.htmland other places, it looks like the recommendation is "not" to create separate CFs and KSs for every tenant as this would have impacts on Memtables and other memory issues. Does this recommendation still hold good? With jiras like https://issues.apache.org/jira/browse/CASSANDRA-2006resolved, does it mean we can now create multiple (but limited) CFs and KSs? More generally, how do we prevent a tenant from intentional/accidental data manipulation of data owned by another tenant? (given that all tenants will provide the right credentials) --20cf3074b2fe59b51b04b7ec6c36--