You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Blake Eggleston (JIRA)" <ji...@apache.org> on 2017/11/08 01:10:00 UTC
[jira] [Comment Edited] (CASSANDRA-13985) Support restricting reads
and writes to specific datacenters on a per user basis
[ https://issues.apache.org/jira/browse/CASSANDRA-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16243207#comment-16243207 ]
Blake Eggleston edited comment on CASSANDRA-13985 at 11/8/17 1:09 AM:
----------------------------------------------------------------------
Here’s an initial implementation to optionally add specific datacenters when granting permissions: https://github.com/bdeggleston/cassandra/tree/13985
was (Author: bdeggleston):
Here’s an initial implementation optionally add specific datacenters when granting permissions: https://github.com/bdeggleston/cassandra/tree/13985
> Support restricting reads and writes to specific datacenters on a per user basis
> --------------------------------------------------------------------------------
>
> Key: CASSANDRA-13985
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13985
> Project: Cassandra
> Issue Type: Bug
> Reporter: Blake Eggleston
> Assignee: Blake Eggleston
> Priority: Minor
>
> There are a few use cases where it makes sense to restrict the operations a given user can perform in specific data centers. The obvious use case is the production/analytics datacenter configuration. You don’t want the production user to be reading/or writing to the analytics datacenter, and you don’t want the analytics user to be reading from the production datacenter.
> Although we expect users to get this right on that application level, we should also be able to enforce this at the database level. The first approach that comes to mind would be to support an optional DC parameter when granting select and modify permissions to roles. Something like {{GRANT SELECT ON some_keyspace TO that_user IN DC dc1}}, statements that omit the dc would implicitly be granting permission to all dcs. However, I’m not married to this approach.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org