incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hayden Andrews" <hay...@heydan.co.uk>
Subject Re: access.properties
Date Thu, 24 Mar 2011 21:50:31 GMT
Thanks for that Ben,

Just to clarify:

The current behavior is that if a user is given access to create and
destroy column families, then they will be unable to edit/view any data in
any column family they create unless they are also specifically given
access to the new column family in the access.properties file.

Right?

Hayden :)


> Hi Hayden,
>
> What you are describing certainly seems useful. I am not aware of anyone
> using the security features of the SimpleAuthenticator anywhere in
> production. If you have a real world use case and would like to see the
> authenticator improved please open a JIRA ticket. If you have something
> specific in mind please contribute!
>
> Thanks,
> Ben
>
> On 3/24/11 10:52 AM, Hayden Andrews wrote:
>> Hi ya,
>>
>> I'm few days into the Cassandra experience and this is my first message
>> here :)
>>
>> I've set up a dev instance of Cassandra and have got logins and access
>> working. Well, I thought I did, but I have found that my user that can
>> add
>> and remove column families, can not insert or get the rows.
>>
>> I really hope that I do not have to edit the access file to set
>> permissions for every user for every column family. I would like users
>> to
>> either be able to update the keyspace (including any and all column
>> families) or only have read-only access to everything.
>>
>> Since column families can be added and removed from a client app, it
>> would
>> be really painfully hacky to have to write a script to update the access
>> file every time the client app adds or removes column families!
>>
>> Anyway, some parts of my config files and a test below,
>>
>>
>> Cheers,
>>
>> Hayden
>>
>> Cassandra v0.7.4
>>
>> cassandra.yaml:
>> authenticator: org.apache.cassandra.auth.SimpleAuthenticator
>> authority: org.apache.cassandra.auth.SimpleAuthority
>>
>> access.properties:
>> <modify-keyspaces>=hayden
>> test.<rw>=hayden
>> test.<ro>=other,users
>>
>> Now, if I login, using the cassandra-cli program, and attach to the
>> keyspace and then ...
>>
>> [hayden@test] describe keyspace;
>>
>> Keyspace: test:
>>    Replication Strategy: org.apache.cassandra.locator.SimpleStrategy
>>      Replication Factor: 1
>>    Column Families:
>>
>> [hayden@test] create column family potato;
>> [hayden@test] describe keyspace;
>>
>> Keyspace: test:
>>    Replication Strategy: org.apache.cassandra.locator.SimpleStrategy
>>      Replication Factor: 1
>>    Column Families:
>>      ColumnFamily: potato
>>        Columns sorted by: org.apache.cassandra.db.marshal.BytesType
>>        Row cache size / save period: 0.0/0
>>        Key cache size / save period: 200000.0/14400
>>        Memtable thresholds: 0.056249999999999994/12/1440
>>        GC grace seconds: 864000
>>        Compaction min/max thresholds: 4/32
>>        Read repair chance: 1.0
>>        Built indexes: []
>>
>> [hayden@test] list potato;
>>
>> #<User hayden groups=[]>  does not have permission READ for
>> /cassandra/keyspaces/test/potato
>>
>
> --
> Ben Coverston
> DataStax -- The Apache Cassandra Company
> http://www.datastax.com/
>
>
> !DSPAM:7,4d8baed9224092596520844!
>
>


Mime
View raw message