You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Blake Eggleston (JIRA)" <ji...@apache.org> on 2017/12/05 23:09:00 UTC
[jira] [Commented] (CASSANDRA-13985) Support restricting reads and
writes to specific datacenters on a per user basis
[ https://issues.apache.org/jira/browse/CASSANDRA-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16279342#comment-16279342 ]
Blake Eggleston commented on CASSANDRA-13985:
---------------------------------------------
Coming back to this, I think that the implicit granting by omission seems like the least bad option. Basically wildcard by default. I expect the most common use case will be to confine a user to a single data center. So I’m looking at this this from the perspective of making that easy to achieve.
I don’t think implementing this as a straight up whitelist would work because it creates a chicken and egg problem of turning on the authz feature and being able to connect to it and configure it. Also, if you’re only interested in confining a subset of all your users, it becomes difficult to administer. On the other hand, a black list would add the overhead of having to go and update each restricted role any time a dc is added. Obviously it’s not something that happens often, but I don’t think we need to add another detail that needs to be worried about (and easily overlooked) if we can avoid it.
> Support restricting reads and writes to specific datacenters on a per user basis
> --------------------------------------------------------------------------------
>
> Key: CASSANDRA-13985
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13985
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Blake Eggleston
> Assignee: Blake Eggleston
> Priority: Minor
> Fix For: 4.0
>
>
> There are a few use cases where it makes sense to restrict the operations a given user can perform in specific data centers. The obvious use case is the production/analytics datacenter configuration. You don’t want the production user to be reading/or writing to the analytics datacenter, and you don’t want the analytics user to be reading from the production datacenter.
> Although we expect users to get this right on that application level, we should also be able to enforce this at the database level. The first approach that comes to mind would be to support an optional DC parameter when granting select and modify permissions to roles. Something like {{GRANT SELECT ON some_keyspace TO that_user IN DC dc1}}, statements that omit the dc would implicitly be granting permission to all dcs. However, I’m not married to this approach.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org