incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maki Watanabe <watanabe.m...@gmail.com>
Subject Re: Cassandra as Database for Role Based Access Control System
Date Wed, 21 Mar 2012 01:26:10 GMT
> user ---n:m--- role ---n:m--- resource

It can work, but Cassandra is not RDBMS as you know, so RDBMS-ish data
modeling may not fit in production. (depends on your requirement on
performance. I'm not sure.)
In general you should better to desgin schema from your access pattern.

maki


2012/3/20 Maciej Miklas <mac.miklas@googlemail.com>:
> Hi *,
>
> I would like to know your opinion about using Cassandra to implement a
> RBAC-like authentication & authorization model. We have simplified the
> central relationship of the general model
> (http://en.wikipedia.org/wiki/Role-based_access_control) to:
>
> user ---n:m--- role ---n:m--- resource
>
> user(s) and resource(s) are indexed with externally visible identifiers.
> These identifiers need to be "re-ownable" (think: mail aliases), too.
>
> The main reason to consider Cassandra is the availability, scalability and
> (global) geo-redundancy. This is hard to achieve with a RBDMS.
>
> On the other side, RBAC has many m:n relations. While some inconsistencies
> may be acceptable, resource ownership (i.e. role=owner) must never ever be
> mixed up.
>
> What do you think? Is such relational model an antipattern for Cassandra
> usage? Do you know similar solutions based on Cassandra?
>
>
> Regards,
>
> Maciej
>
>
> ps. I've posted this question also on stackoverflow, but I would like to
> also get feedback from Cassandra community.
>
>
>
>

Mime
View raw message