You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by ee...@apache.org on 2010/10/06 17:19:28 UTC
svn commit: r1005083 - in /cassandra/trunk: CHANGES.txt NEWS.txt
conf/access.properties
Author: eevans
Date: Wed Oct 6 15:19:28 2010
New Revision: 1005083
URL: http://svn.apache.org/viewvc?rev=1005083&view=rev
Log:
document authorization changes
Patch by eevans for CASSANDRA-1554
Modified:
cassandra/trunk/CHANGES.txt
cassandra/trunk/NEWS.txt
cassandra/trunk/conf/access.properties
Modified: cassandra/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/cassandra/trunk/CHANGES.txt?rev=1005083&r1=1005082&r2=1005083&view=diff
==============================================================================
--- cassandra/trunk/CHANGES.txt (original)
+++ cassandra/trunk/CHANGES.txt Wed Oct 6 15:19:28 2010
@@ -11,6 +11,7 @@ dev
* fix moving nodes with no keyspaces defined (CASSANDRA-1574)
* fix unbootstrap when no data is present in a transfer range (CASSANDRA-1573)
* take advantage of AVRO-495 to simplify our avro IDL (CASSANDRA-1436)
+ * extend authorization hierarchy to column family (CASSANDRA-1554)
0.7-beta2
Modified: cassandra/trunk/NEWS.txt
URL: http://svn.apache.org/viewvc/cassandra/trunk/NEWS.txt?rev=1005083&r1=1005082&r2=1005083&view=diff
==============================================================================
--- cassandra/trunk/NEWS.txt (original)
+++ cassandra/trunk/NEWS.txt Wed Oct 6 15:19:28 2010
@@ -26,6 +26,8 @@ Features
- Dynamic endpoint snitch mitigates the impact of impaired nodes
- New `IntegerType`, faster than LongType and allows integers of
both less and more bits than Long's 64
+ - A revamped authentication system that decouples authorization and
+ allows finer-grained control of resources.
Upgrading
---------
@@ -87,6 +89,12 @@ Configuraton
- Keyspace and column family definitions will need to be loaded via
"bin/schematool <host> <jmxport> import". _You only need to do this to
one node_.
+ - In addition to an authenticator, an authority must be configured as
+ well. Users of SimpleAuthenticator should use SimpleAuthority for this
+ value (the default is AllowAllAuthority, which corresponds with
+ AllowAllAuthenticator).
+ - The format of access.properties has changed, see the sample configuration
+ conf/access.properties for documentation on the new format.
JMX
Modified: cassandra/trunk/conf/access.properties
URL: http://svn.apache.org/viewvc/cassandra/trunk/conf/access.properties?rev=1005083&r1=1005082&r2=1005083&view=diff
==============================================================================
--- cassandra/trunk/conf/access.properties (original)
+++ cassandra/trunk/conf/access.properties Wed Oct 6 15:19:28 2010
@@ -14,12 +14,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-# This is a sample access file for SimpleAuthority. The format of
-# this file is keyspace=users, where users is a comma delimited list of
-# authenticatable users from passwd.properties. This file contains
-# potentially sensitive information, keep this in mind when setting its
-# mode and ownership.
+# This is a sample access file for SimpleAuthority. The format of this file
+# is KEYSPACE[.COLUMNFAMILY].PERMISSION=USERS, where:
#
+# * KEYSPACE is the keyspace name.
+# * COLUMNFAMILY is the column family name.
+# * PERMISSION is one of <ro> or <rw> for read-only or read-write respectively.
+# * USERS is a comma delimited list of users from passwd.properties.
+#
+# See below for example entries.
+
+# NOTE: This file contains potentially sensitive information, please keep
+# this in mind when setting its mode and ownership.
+
# The magical '<modify-keyspaces>' property lists users who can modify the
# list of keyspaces: all users will be able to view the list of keyspaces.
<modify-keyspaces>=jsmith