You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cassandra.apache.org by David McNelis <dm...@agentisenergy.com> on 2011/07/11 15:41:45 UTC
Limit what nodes are writeable
I've been looking in the documentation and haven't found anything about
this... but is there support for making a node read-only?
For example, you have a cluster set up in two different data centers / racks
/ whatever, with your replication strategy set up so that the data is
redundant between the two places. In one of the places all of the incoming
data will be processed and inserted into your cluster. In the other data
center you plan to allow people to run analytics, but you want to restrict
the permissions so that the people running analytics can connect to
Cassandra in whatever way makes the most sense for them, but you don't want
those people to be able to edit/update data.
Is it currently possible to configure your cluster in this manner? Or would
it only be possible through a third-party solution like wrapping one of the
access libraries in a way that does not support write operations.
--
*David McNelis*
Lead Software Engineer
Agentis Energy
www.agentisenergy.com
o: 630.359.6395
c: 219.384.5143
*A Smart Grid technology company focused on helping consumers of energy
control an often under-managed resource.*
Re: Limit what nodes are writeable
Posted by Yuki Morishita <mo...@gmail.com>.
I never used the feature, but there is the way to control access based
on user name.
Configuring both conf/passwd.properties and conf/access.properties, then
modify cassandra.yaml as follows.
# authentication backend, implementing IAuthenticator; used to identify users
authenticator: org.apache.cassandra.auth.SimpleAuthenticator
# authorization backend, implementing IAuthority; used to limit
access/provide permissions
authority: org.apache.cassandra.auth.SimpleAuthority
2011/7/11 Maki Watanabe <wa...@gmail.com>:
> Cassandra has authentication interface, but doesn't have authorization.
> So you need to implement authorization in your application layer.
>
> maki
>
>
> 2011/7/11 David McNelis <dm...@agentisenergy.com>:
>> I've been looking in the documentation and haven't found anything about
>> this... but is there support for making a node read-only?
>> For example, you have a cluster set up in two different data centers / racks
>> / whatever, with your replication strategy set up so that the data is
>> redundant between the two places. In one of the places all of the incoming
>> data will be processed and inserted into your cluster. In the other data
>> center you plan to allow people to run analytics, but you want to restrict
>> the permissions so that the people running analytics can connect to
>> Cassandra in whatever way makes the most sense for them, but you don't want
>> those people to be able to edit/update data.
>> Is it currently possible to configure your cluster in this manner? Or would
>> it only be possible through a third-party solution like wrapping one of the
>> access libraries in a way that does not support write operations.
>>
>> --
>> David McNelis
>> Lead Software Engineer
>> Agentis Energy
>> www.agentisenergy.com
>> o: 630.359.6395
>> c: 219.384.5143
>> A Smart Grid technology company focused on helping consumers of energy
>> control an often under-managed resource.
>>
>>
>
>
>
> --
> w3m
>
--
Yuki Morishita
t:yukim (http://twitter.com/yukim)
Re: Limit what nodes are writeable
Posted by Maki Watanabe <wa...@gmail.com>.
Cassandra has authentication interface, but doesn't have authorization.
So you need to implement authorization in your application layer.
maki
2011/7/11 David McNelis <dm...@agentisenergy.com>:
> I've been looking in the documentation and haven't found anything about
> this... but is there support for making a node read-only?
> For example, you have a cluster set up in two different data centers / racks
> / whatever, with your replication strategy set up so that the data is
> redundant between the two places. In one of the places all of the incoming
> data will be processed and inserted into your cluster. In the other data
> center you plan to allow people to run analytics, but you want to restrict
> the permissions so that the people running analytics can connect to
> Cassandra in whatever way makes the most sense for them, but you don't want
> those people to be able to edit/update data.
> Is it currently possible to configure your cluster in this manner? Or would
> it only be possible through a third-party solution like wrapping one of the
> access libraries in a way that does not support write operations.
>
> --
> David McNelis
> Lead Software Engineer
> Agentis Energy
> www.agentisenergy.com
> o: 630.359.6395
> c: 219.384.5143
> A Smart Grid technology company focused on helping consumers of energy
> control an often under-managed resource.
>
>
--
w3m