Posted to commits@cassandra.apache.org by "Pavel Yaskevich (JIRA)" <ji...@apache.org> on 2012/09/05 23:21:09 UTC

[jira] [Updated] (CASSANDRA-4490) Improve IAuthority interface by introducing fine-grained access permissions and grant/revoke commands.

     [ https://issues.apache.org/jira/browse/CASSANDRA-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pavel Yaskevich updated CASSANDRA-4490:
---------------------------------------

    Attachment: CASSANDRA-4490-v2.patch

v2 introduces the IAuthority2 interface, which extends the original IAuthority, and adds IAuthorityContainer to be able to handle dynamic commands without requiring any changes to existing user implementations, plus it includes improvements to the permission checking.
                
> Improve IAuthority interface by introducing fine-grained access permissions and grant/revoke commands.
> ------------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-4490
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4490
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Pavel Yaskevich
>            Assignee: Pavel Yaskevich
>            Priority: Minor
>             Fix For: 1.1.6
>
>         Attachments: CASSANDRA-4490.patch, CASSANDRA-4490-v2.patch
>
>
> In order to improve the IAuthority interface I propose to add the following new permissions: USE, SELECT, CREATE, ALTER, DROP, UPDATE, DELETE, ALL, NONE. And the following new commands to CQL 3.0 which would give users the possibility (with appropriate implementation) to dynamically change a user's rights to access system objects:
> GRANT  <permission> ON <resource> TO <user> [WITH GRANT OPTION];
> REVOKE <permission> ON <resource> FROM <user_name>;
> LIST GRANTS FOR <user>; // Not 'SHOW' because it's reserved for cqlsh for commands like 'show cluster'
> where <resource> is Keyspace or ColumnFamily (initially, but extendable to indexes or configuration options in the future), and <permission> is listed above.
> To keep the system backward compatible with old authorization interface implementations Permission class would include the mappings of the new to old 
> permissions:
> READ  -> USE, SELECT
> WRITE -> USE, CREATE, ALTER, DROP, UPDATE, DELETE
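
The backward-compatibility mapping quoted above, as an added example that is not code from the patch or from Cassandra: it expands legacy READ/WRITE grants into the new fine-grained permissions and applies a deny-by-default check. The class and method names are hypothetical, and the handling of ALL (every fine-grained permission) and NONE (nothing) is an assumption, since the ticket lists them without defining their semantics.

```java
import java.util.EnumSet;
import java.util.Set;

public class PermissionCompat {
    // Names taken from the ticket; keeping legacy READ/WRITE in the same enum is an assumption.
    enum Permission { READ, WRITE, USE, SELECT, CREATE, ALTER, DROP, UPDATE, DELETE, ALL, NONE }

    // The concrete fine-grained permissions: USE through DELETE in declaration order.
    static final Set<Permission> GRANULAR = EnumSet.range(Permission.USE, Permission.DELETE);

    /** Expand whatever an authority returned into the fine-grained set it implies. */
    static Set<Permission> expand(Set<Permission> granted) {
        Set<Permission> out = EnumSet.noneOf(Permission.class);
        for (Permission p : granted) {
            switch (p) {
                case READ:   // old READ -> USE, SELECT
                    out.addAll(EnumSet.of(Permission.USE, Permission.SELECT));
                    break;
                case WRITE:  // old WRITE -> USE, CREATE, ALTER, DROP, UPDATE, DELETE
                    out.addAll(EnumSet.of(Permission.USE, Permission.CREATE, Permission.ALTER,
                                          Permission.DROP, Permission.UPDATE, Permission.DELETE));
                    break;
                case ALL:    // assumption: ALL means every fine-grained permission
                    out.addAll(GRANULAR);
                    break;
                case NONE:   // assumption: NONE contributes nothing
                    break;
                default:     // already fine-grained
                    out.add(p);
            }
        }
        return out;
    }

    /** Deny by default: only a concrete permission present in the expanded set is allowed. */
    static boolean isAllowed(Set<Permission> granted, Permission required) {
        return GRANULAR.contains(required) && expand(granted).contains(required);
    }

    public static void main(String[] args) {
        // Constructed sample grants, as an old IAuthority implementation might return them.
        Set<Permission> legacyReader = EnumSet.of(Permission.READ);
        Set<Permission> legacyWriter = EnumSet.of(Permission.WRITE);
        System.out.println("READ  allows SELECT: " + isAllowed(legacyReader, Permission.SELECT));
        System.out.println("READ  allows UPDATE: " + isAllowed(legacyReader, Permission.UPDATE));
        System.out.println("WRITE allows DROP:   " + isAllowed(legacyWriter, Permission.DROP));
        System.out.println("WRITE allows SELECT: " + isAllowed(legacyWriter, Permission.SELECT));
    }
}
```

Under this mapping a legacy WRITE grant carries DROP and ALTER but not SELECT, which is worth checking when auditing grants issued by an old authorization implementation.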
