[
https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756841#comment-17756841
]
Aleksey Yeschenko commented on CASSANDRA-8303:
----------------------------------------------
This was supposed to be per-role. Guardrails affecting entire nodes.
> Create a capability limitation framework
> ----------------------------------------
>
> Key: CASSANDRA-8303
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
> Project: Cassandra
> Issue Type: Improvement
> Components: Legacy/Distributed Metadata
> Reporter: Anupam Arora
> Priority: Normal
> Fix For: 5.x
>
>
> In addition to our current Auth framework that acts as a white list, and
> regulates access to data, functions, and roles, it would be beneficial to
> have a different, capability limitation framework, that would be orthogonal
> to Auth, and would act as a blacklist.
> Example uses:
> - take away the ability to TRUNCATE from all users but the admin (TRUNCATE
> itself would still require MODIFY permission)
> - take away the ability to use ALLOW FILTERING from all users but
> Spark/Hadoop (SELECT would still require SELECT permission)
> - take away the ability to use UNLOGGED BATCH from everyone (the operation
> itself would still require MODIFY permission)
> - take away the ability to use certain consistency levels (make certain
> tables LWT-only for all users, for example)
> Original description:
> Please provide a "strict mode" option in cassandra that will kick out any CQL
> queries that are expensive, e.g. any query with ALLOWS FILTERING,
> multi-partition queries, secondary index queries, etc.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
