We are using Cassandra 0.8.7 and building a multi-tenant cassandra platform where we have a common KS and common CFs for all tenants. By using Hector's virtual keyspaces, we are able to add modify rowkeys to have a tenant specific id. (Note that we do not allow tenants to modify/create KS/CF. We just allow tenants to write and read data) However we are in the process of adding authentication and authorization on top of this platform such that no tenant should be able to retrieve data belonging to any other tenant.
By configuring Cassandra for security using the documentation here - http://www.datastax.com/docs/0.8/configuration/authentication
, we were able to apply the security constraints on the common keyspace and common CFs. However this does not prevent a tenant from retrieving data belonging to another tenant. For this to happen, we would need to have separate CFs and/or keyspaces for each tenant.
More generally, how do we prevent a tenant from intentional/accidental data manipulation of data owned by another tenant? (given that all tenants will provide the right credentials)