You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (JIRA)" <ji...@apache.org> on 2015/12/04 21:41:11 UTC

[jira] [Updated] (CASSANDRA-7216) Restricted superuser account request

     [ https://issues.apache.org/jira/browse/CASSANDRA-7216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Tunnicliffe updated CASSANDRA-7216:
---------------------------------------
    Component/s: CQL

> Restricted superuser account request
> ------------------------------------
>
>                 Key: CASSANDRA-7216
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7216
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: CQL, Distributed Metadata
>            Reporter: Oded Peer
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 2.2.0 beta 1
>
>         Attachments: 7216-8650.txt, 7216-POC.txt, 7216.txt
>
>
> I am developing a multi-tenant service.
> Every tenant has its own user, keyspace and can access only his keyspace.
> As new tenants are provisioned there is a need to create new users and keyspaces.
> Only a superuser can issue CREATE USER requests, so we must have a super user account in the system. On the other hand super users have access to all the keyspaces, which poses a security risk.
> For tenant provisioning I would like to have a restricted account which can only create new users, without read access to keyspaces.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)