[jira] Commented: (CASSANDRA-1237) Store AccessLevels externally to IAuthenticator

Tue, 27 Jul 2010 14:31:45 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12892936#action_12892936
 ] 

Folke Behrens commented on CASSANDRA-1237:
------------------------------------------

In AuthenticatedUser.toString(): String.format() is a static method that takes 
the format as its first parameter.

Again, please drop defaultUser() and put the "super admin" status directly into 
AuthenticatedUser or use a not configurable pseudo group for super admins.

> Store AccessLevels externally to IAuthenticator
> -----------------------------------------------
>
>                 Key: CASSANDRA-1237
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-1237
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: Stu Hood
>            Assignee: Stu Hood
>             Fix For: 0.7.0
>
>         Attachments: 
> 0001-Consolidate-KSMetaData-mutations-into-copy-methods.patch, 
> 0002-Thrift-and-Avro-interface-changes.patch, 
> 0003-Add-user-and-group-access-maps-to-Keyspace-metadata.patch, 
> 0004-Remove-AccessLevel-return-value-from-login-and-retur.patch, 
> 0005-Move-per-thread-state-into-a-ClientState-object-1-pe.patch, 
> 0006-Apply-access.properties-to-keyspaces-during-an-upgra.patch, 
> sample-usage.patch, simple-JAASAuthenticator.patch.txt
>
>
> Currently, the concept of authentication (proving the identity of a user) is 
> mixed up with permissions (determining whether a user is able to 
> create/read/write databases). Rather than determining the permissions that a 
> user has, the IAuthenticator should only be capable of authenticating a user, 
> and permissions (specifically, an AccessLevel) should be stored consistently 
> by Cassandra.
> The primary goal of this ticket is to separate AccessLevels from 
> IAuthenticators, and to persist a map of User->AccessLevel along with:
> * EDIT: Separating the addition of 'global scope' permissions into a separate 
> ticket
> * each keyspace, where the AccessLevel continues to have its current meaning
> ----
> In separate tickets, we would like to improve the AccessLevel structure so 
> that it can store role/permission bits independently, rather than being level 
> based.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to