incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Coverston <ben.covers...@datastax.com>
Subject Re: access.properties
Date Thu, 24 Mar 2011 20:51:00 GMT
Hi Hayden,

What you are describing certainly seems useful. I am not aware of anyone 
using the security features of the SimpleAuthenticator anywhere in 
production. If you have a real world use case and would like to see the 
authenticator improved please open a JIRA ticket. If you have something 
specific in mind please contribute!

Thanks,
Ben

On 3/24/11 10:52 AM, Hayden Andrews wrote:
> Hi ya,
>
> I'm few days into the Cassandra experience and this is my first message
> here :)
>
> I've set up a dev instance of Cassandra and have got logins and access
> working. Well, I thought I did, but I have found that my user that can add
> and remove column families, can not insert or get the rows.
>
> I really hope that I do not have to edit the access file to set
> permissions for every user for every column family. I would like users to
> either be able to update the keyspace (including any and all column
> families) or only have read-only access to everything.
>
> Since column families can be added and removed from a client app, it would
> be really painfully hacky to have to write a script to update the access
> file every time the client app adds or removes column families!
>
> Anyway, some parts of my config files and a test below,
>
>
> Cheers,
>
> Hayden
>
> Cassandra v0.7.4
>
> cassandra.yaml:
> authenticator: org.apache.cassandra.auth.SimpleAuthenticator
> authority: org.apache.cassandra.auth.SimpleAuthority
>
> access.properties:
> <modify-keyspaces>=hayden
> test.<rw>=hayden
> test.<ro>=other,users
>
> Now, if I login, using the cassandra-cli program, and attach to the
> keyspace and then ...
>
> [hayden@test] describe keyspace;
>
> Keyspace: test:
>    Replication Strategy: org.apache.cassandra.locator.SimpleStrategy
>      Replication Factor: 1
>    Column Families:
>
> [hayden@test] create column family potato;
> [hayden@test] describe keyspace;
>
> Keyspace: test:
>    Replication Strategy: org.apache.cassandra.locator.SimpleStrategy
>      Replication Factor: 1
>    Column Families:
>      ColumnFamily: potato
>        Columns sorted by: org.apache.cassandra.db.marshal.BytesType
>        Row cache size / save period: 0.0/0
>        Key cache size / save period: 200000.0/14400
>        Memtable thresholds: 0.056249999999999994/12/1440
>        GC grace seconds: 864000
>        Compaction min/max thresholds: 4/32
>        Read repair chance: 1.0
>        Built indexes: []
>
> [hayden@test] list potato;
>
> #<User hayden groups=[]>  does not have permission READ for
> /cassandra/keyspaces/test/potato
>

-- 
Ben Coverston
DataStax -- The Apache Cassandra Company
http://www.datastax.com/


Mime
View raw message