[ https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273438#comment-14273438 ]

Sam Tunnicliffe commented on CASSANDRA-8303:
--------------------------------------------

Agreed, the yaml overrides would be clunky at best so I'm definitely +1 on 
doing it via authz exclusively.

Also, location most definitely does not fit into the resource hierarchy, so +1 
to Aleksey's points there.

I'd question whether UNPREPARED_STATEMENTS was really necessary. Parsing 
regular statements certainly doesn't have anything near the potential impact of 
ALLOW FILTERING or multipartition queries, so I'd be tempted to leave that out 
for version 1 and if it proves to be a genuine issue we can always consider 
adding it later.

I've also been thinking about alternatives for syntax. One option could be to 
attach the restrictions to the (existing) permission that they affect, rather 
than simply making new permissions.

{code}
GRANT SELECT ON <resource> TO <user> WITH RESTRICTION ON MULTIPARTITION_QUERY;
GRANT SELECT ON <resource> TO <user> WITH RESTRICTION ON ALLOW_FILTERING;
GRANT SELECT ON <resource> TO <user> WITH RESTRICTION ON INDEX_USAGE;
GRANT ALTER ON <resource> TO <user> WITH RESTRICTION ON INDEX_CREATION;
GRANT MODIFY ON <resource> TO <user> WITH RESTRICTION ON LOGGED_BATCH;
GRANT MODIFY ON <resource> TO <user> WITH RESTRICTION ON UNLOGGED_BATCH;
{code}

Behaviour & syntax for unrestricted GRANTS would remain unchanged & backwards 
compatible.

FTR, I'm not advocating this syntax yet as the version suggested by Aleksey is 
certainly more SQL-ish, but just wanted to put it up for discussion. Adding 
restrictions as a first class concept in the language *may* simplify things 
conceptually and prevent a proliferation of permissions.

> Provide "strict mode" for CQL Queries
> -------------------------------------
>
>                 Key: CASSANDRA-8303
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Anupam Arora
>             Fix For: 3.0
>
>
> Please provide a "strict mode" option in cassandra that will kick out any CQL 
> queries that are expensive, e.g. any query with ALLOWS FILTERING, 
> multi-partition queries, secondary index queries, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
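
An added example, not part of the original comment and not Cassandra code: a small Python model of how grants carrying restrictions, as in the syntax proposed above, could be evaluated. The `Authorizer` class, the `data/ks1/...` resource names, the `app` user and the rule that the most specific grant in the resource hierarchy decides are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Restriction -> the existing permission it narrows, as listed in the comment.
RESTRICTS = {
    "MULTIPARTITION_QUERY": "SELECT",
    "ALLOW_FILTERING": "SELECT",
    "INDEX_USAGE": "SELECT",
    "INDEX_CREATION": "ALTER",
    "LOGGED_BATCH": "MODIFY",
    "UNLOGGED_BATCH": "MODIFY",
}

@dataclass
class Authorizer:
    # (user, resource, permission) -> restrictions; an empty set is a plain GRANT
    grants: dict = field(default_factory=dict)

    def grant(self, permission, resource, user, restrictions=()):
        for r in restrictions:
            if RESTRICTS.get(r) != permission:
                raise ValueError(f"{r} does not apply to {permission}")
        self.grants[(user, resource, permission)] = frozenset(restrictions)

    def check(self, user, resource, permission, features=()):
        """Return (allowed, reason); features = expensive constructs the statement uses."""
        parts = resource.split("/")
        # Assumed rule: walk up from the most specific resource, first grant found decides.
        for i in range(len(parts), 0, -1):
            restrictions = self.grants.get((user, "/".join(parts[:i]), permission))
            if restrictions is None:
                continue
            blocked = sorted(restrictions & set(features))
            if blocked:
                return False, "restricted: " + ", ".join(blocked)
            return True, "ok"
        return False, f"no {permission} permission"

def demo():
    # Constructed grants for a hypothetical user "app" on keyspace "ks1".
    authz = Authorizer()
    authz.grant("SELECT", "data/ks1", "app", ["ALLOW_FILTERING", "MULTIPARTITION_QUERY"])
    authz.grant("SELECT", "data/ks1/reports", "app")  # unrestricted, behaves as today
    authz.grant("MODIFY", "data/ks1", "app", ["LOGGED_BATCH"])
    return [
        authz.check("app", "data/ks1/users", "SELECT"),
        authz.check("app", "data/ks1/users", "SELECT", ["ALLOW_FILTERING"]),
        authz.check("app", "data/ks1/reports", "SELECT", ["ALLOW_FILTERING"]),
        authz.check("app", "data/ks1/users", "MODIFY", ["UNLOGGED_BATCH"]),
    ]
```

Because each restriction is validated against the permission it narrows, a mismatched pair such as `LOGGED_BATCH` on `SELECT` is rejected at grant time rather than silently ignored.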