You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Paulo Motta (JIRA)" <ji...@apache.org> on 2015/12/21 14:26:46 UTC
[jira] [Commented] (CASSANDRA-7653) Add role based access control
to Cassandra
[ https://issues.apache.org/jira/browse/CASSANDRA-7653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15066441#comment-15066441 ]
Paulo Motta commented on CASSANDRA-7653:
----------------------------------------
bq. Once all nodes are upgraded, an operator with superuser privileges should drop the legacy tables, which will prompt PA, CRM and CA to switch over to the new tables without requiring a further rolling restart.
Is there any reason why we don't do this automatically? I find it a bit strange to ask users to drop system tables (a potentially dangerous operation) to complete an upgrade. It would be nice in the future to provide a {{nodetool upgradesystemtables}} command to perform these types of post-upgrade tasks.
> Add role based access control to Cassandra
> ------------------------------------------
>
> Key: CASSANDRA-7653
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7653
> Project: Cassandra
> Issue Type: Sub-task
> Components: CQL, Distributed Metadata
> Reporter: Mike Adamson
> Assignee: Sam Tunnicliffe
> Labels: docs-impacting, security
> Fix For: 2.2.0 beta 1
>
> Attachments: 7653.patch, CQLSmokeTest.java, cql_smoke_test.py
>
>
> The current authentication model supports granting permissions to individual users. While this is OK for small or medium organizations wanting to implement authorization, it does not work well in large organizations because of the overhead of having to maintain the permissions for each user.
> Introducing roles into the authentication model would allow sets of permissions to be controlled in one place as a role and then the role granted to users. Roles should also be able to be granted to other roles to allow hierarchical sets of permissions to be built up.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)