[
https://issues.apache.org/jira/browse/CASSANDRA-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stu Hood updated CASSANDRA-1237:
--------------------------------
Description:
Currently, the concept of authentication (proving the identity of a user) is
mixed up with permissions (determining whether a user is able to
create/read/write databases). Rather than determining the permissions that a
user has, the IAuthenticator should only be capable of authenticating a user,
and permissions (specifically, an AccessLevel) should be stored consistently by
Cassandra.
The primary goal of this ticket is to separate AccessLevels from
IAuthenticators, and to persist a map of User->AccessLevel along with:
* EDIT: Separating the addition of 'global scope' permissions into a separate
ticket
* each keyspace, where the AccessLevel continues to have its current meaning
----
In separate tickets, we would like to improve the AccessLevel structure so that
it can store role/permission bits independently, rather than being level based.
was:
Currently, the concept of authentication (proving the identity of a user) is
mixed up with permissions (determining whether a user is able to
create/read/write databases). Rather than determining the permissions that a
user has, the IAuthenticator should only be capable of authenticating a user,
and permissions (specifically, an AccessLevel) should be stored consistently by
Cassandra.
The primary goal of this ticket is to separate AccessLevels from
IAuthenticators, and to persist a map of User->AccessLevel along with:
* the global scope, where the AccessLevel refers to permission to read/write to
the list of keyspaces
* each keyspace, where the AccessLevel continues to have its current meaning
----
In separate tickets, we would like to improve the AccessLevel structure so that
it can store role/permission bits independently, rather than being level based.
> Store AccessLevels externally to IAuthenticator
> -----------------------------------------------
>
> Key: CASSANDRA-1237
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1237
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Reporter: Stu Hood
> Assignee: Stu Hood
> Fix For: 0.7
>
>
> Currently, the concept of authentication (proving the identity of a user) is
> mixed up with permissions (determining whether a user is able to
> create/read/write databases). Rather than determining the permissions that a
> user has, the IAuthenticator should only be capable of authenticating a user,
> and permissions (specifically, an AccessLevel) should be stored consistently
> by Cassandra.
> The primary goal of this ticket is to separate AccessLevels from
> IAuthenticators, and to persist a map of User->AccessLevel along with:
> * EDIT: Separating the addition of 'global scope' permissions into a separate
> ticket
> * each keyspace, where the AccessLevel continues to have its current meaning
> ----
> In separate tickets, we would like to improve the AccessLevel structure so
> that it can store role/permission bits independently, rather than being level
> based.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
