Improve permissions to allow control over creation/removal/listing of Keyspaces
-------------------------------------------------------------------------------
Key: CASSANDRA-1271
URL: https://issues.apache.org/jira/browse/CASSANDRA-1271
Project: Cassandra
Issue Type: Improvement
Reporter: Stu Hood
Priority: Minor
Fix For: 0.7
Once 1237 is completed, we'd like to improve AccessLevels so that they can be
applied to the global scope, instead of just individual keyspaces.
Steps for this ticket:
* Improve/replace the AccessLevel structure to be more like a set of boolean
permissions, rather than being level based
* Store a global map of (users/groups)->AccessLevel that will define which
users have permission to create/remove/list keyspaces.
** This map would be persisted in the "system" keyspace, or in the Migrations
keyspace in such a fashion that modifying permissions on one node ripples out
to the rest
* Add a client interface method that allows adding/removing permissions in the
global map (set_global_permissions ?)
----
Expected usecase, starting from an empty cluster, with authentication enabled:
# Set a password for a "super/root" user (that has been predefined in Cassandra
by default) in an IAuthenticator specific way
# Super user authenticates in Thrift
# Super user gives more users permission to create/list/remove keyspaces via
the proposed Thrift 'set_global_permissions' method
# Users authenticate via Thrift
# Users create/remove/list keyspaces
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
