[ 
https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14273771#comment-14273771
 ] 

Sam Tunnicliffe commented on CASSANDRA-8303:
--------------------------------------------

I had been thinking of extending DataResource, or adding a new IResource impl, 
to represent a resource + any restrictions derived from the statement being 
executed. hasKeyspaceAccess & hasColumnFamilyAccess on ClientState would get an 
extra argument for CQLStatements to pass the necessary restrictions through, so 
there wouldn't be any changes to IAuthorizer itself. But while I don't think 
that that API would necessarily need to change, you do have a point about the 
increasing code complexity, particularly regarding composition of restrictions 
and then in caching. 

So that all said, I'm not opposed to adding a new interface to handle role 
based restrictions separately from resources, particularly as that would let us 
turn them on without requiring full-blown authz.

> Provide "strict mode" for CQL Queries
> -------------------------------------
>
>                 Key: CASSANDRA-8303
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Anupam Arora
>             Fix For: 3.0
>
>
> Please provide a "strict mode" option in Cassandra that will kick out any CQL 
> queries that are expensive, e.g. any query with ALLOWS FILTERING, 
> multi-partition queries, secondary index queries, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
