[ https://issues.apache.org/jira/browse/CASSANDRA-900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12847770#action_12847770 ]

Ted Zlatanov commented on CASSANDRA-900:
----------------------------------------
I separated an INSERT level for writers that shouldn't be able to delete
(logging agents). Overwriting is not the same as deleting: you can only
overwrite what you know; deleting can use ranges. This is a necessary use case
in my environment.

I considered a DELETE access level too, since as you see INSERT and DELETE are
really separate. Perhaps with a separate DELETE, the ALL AccessLevel won't be
needed (see below) because it's an OR of READ+INSERT+DELETE.

The client gets back an AccessLevel so they know in advance what they've been
authorized to do. Throwing an exception later in the game is still done. It's
a single-byte return code, we already store it, and it won't change for the
duration of the connection. I don't see the harm in sending it back. The
client can just ignore it if they want. We could change the return to an int,
though, so we can express "INSERT+DELETE" or "READ+INSERT" numerically without
more AccessLevels.

> access levels for Thrift authorization
> --------------------------------------
>
> Key: CASSANDRA-900
> URL: https://issues.apache.org/jira/browse/CASSANDRA-900
> Project: Cassandra
> Issue Type: New Feature
> Components: Core
> Reporter: Ted Zlatanov
> Attachments: 0001-access-levels-for-Thrift-authorization.patch
>
>
> Provide access levels at the API level, set by the login() method relayed
> through IAuthenticator.