You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@cassandra.apache.org by Moshe Kranc <mo...@gmail.com> on 2015/06/07 23:19:58 UTC

DSE 4.7 security

The DSE 4.7 documentation says: You use the familiar relational database
GRANT/REVOKE paradigm to grant or revoke permissions to

access Cassandra data.

Does this mean authorization is per table?

What if I need finer grain authorization, e.g., per row or even per cell
(e.g., a specific column in a specific row may not be seen by users in a
group)?

Do I need to implement this in my application, because Cassandra does not
support it?

Re: DSE 4.7 security

Posted by Jack Krupansky <ja...@gmail.com>.

Cassandra authorization is at the keyspace and table level. Click on the
GRANT link on the doc page, to get more info:
http://docs.datastax.com/en/cql/3.1/cql/cql_reference/grant_r.html

Which says "*Permissions to access all keyspaces, a named keyspace, or a
table can be granted to a user.*"

There is no finer-grain authorization at the row, column, or cell level.

You might want to open a Jira for this valuable feature.

-- Jack Krupansky

On Sun, Jun 7, 2015 at 5:19 PM, Moshe Kranc <mo...@gmail.com> wrote:

> The DSE 4.7 documentation says: You use the familiar relational database
> GRANT/REVOKE paradigm to grant or revoke permissions to
>
> access Cassandra data.
>
> Does this mean authorization is per table?
>
> What if I need finer grain authorization, e.g., per row or even per cell
> (e.g., a specific column in a specific row may not be seen by users in a
> group)?
>
> Do I need to implement this in my application, because Cassandra does not
> support it?
>