You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Stu Hood (JIRA)" <ji...@apache.org> on 2010/07/09 17:32:50 UTC

[jira] Updated: (CASSANDRA-1237) Store AccessLevels externally to IAuthenticator

     [ https://issues.apache.org/jira/browse/CASSANDRA-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stu Hood updated CASSANDRA-1237:
--------------------------------

        Summary: Store AccessLevels externally to IAuthenticator  (was: Store AuthLevels externally to IAuthenticator)
    Description: 
Currently, the concept of authentication (proving the identity of a user) is mixed up with permissions (determining whether a user is able to create/read/write databases). Rather than determining the permissions that a user has, the IAuthenticator should only be capable of authenticating a user, and permissions (specifically, an AccessLevel) should be stored consistently by Cassandra.

The primary goal of this ticket is to separate AccessLevels from IAuthenticators, and to persist a map of User->AccessLevel along with:
* the global scope, where the AccessLevel refers to permission to read/write to the list of keyspaces
* each keyspace, where the AccessLevel continues to have its current meaning

----

In separate tickets, we would like to improve the AccessLevel structure so that it can store role/permission bits independently, rather than being level based.

  was:
Currently, the concept of authentication (proving the identity of a user) is mixed up with permissions (determining whether a user is able to create/read/write databases). Rather than determining the permissions that a user has, the IAuthenticator should only be capable of authenticating a user, and permissions (specifically, an AuthLevel) should be stored consistently by Cassandra.

The primary goal of this ticket is to separate AuthLevels from IAuthenticators, and to persist a map of User->AuthLevel along with:
* the global scope, where the AuthLevel refers to permission to read/write to the list of keyspaces
* each keyspace, where the AuthLevel continues to have its current meaning

----

In separate tickets, we would like to improve the AuthLevel structure so that it can store role/permission bits independently, rather than being level based.


> Store AccessLevels externally to IAuthenticator
> -----------------------------------------------
>
>                 Key: CASSANDRA-1237
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-1237
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: Stu Hood
>            Assignee: Stu Hood
>             Fix For: 0.7
>
>
> Currently, the concept of authentication (proving the identity of a user) is mixed up with permissions (determining whether a user is able to create/read/write databases). Rather than determining the permissions that a user has, the IAuthenticator should only be capable of authenticating a user, and permissions (specifically, an AccessLevel) should be stored consistently by Cassandra.
> The primary goal of this ticket is to separate AccessLevels from IAuthenticators, and to persist a map of User->AccessLevel along with:
> * the global scope, where the AccessLevel refers to permission to read/write to the list of keyspaces
> * each keyspace, where the AccessLevel continues to have its current meaning
> ----
> In separate tickets, we would like to improve the AccessLevel structure so that it can store role/permission bits independently, rather than being level based.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.