[ 
https://issues.apache.org/jira/browse/CASSANDRA-7653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14329667#comment-14329667
 ] 

Jonathan Ellis commented on CASSANDRA-7653:
-------------------------------------------

Two questions:

- Why is superuser a flag on a role instead of a permission?
- {{CREATE ROLE manager WITH LOGIN PASSWORD ’foo’}} is more natural than 
{{CREATE ROLE manager WITH  PASSWORD ’foo’ LOGIN}}.  Can we make WITH the 
global option delimiter the way it is for CREATE TABLE, rather than tied to 
password?

> Add role based access control to Cassandra
> ------------------------------------------
>
>                 Key: CASSANDRA-7653
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7653
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Mike Adamson
>            Assignee: Sam Tunnicliffe
>              Labels: docs-impacting, security
>             Fix For: 3.0
>
>         Attachments: 7653.patch, CQLSmokeTest.java, cql_smoke_test.py
>
>
> The current authentication model supports granting permissions to individual 
> users. While this is OK for small or medium organizations wanting to 
> implement authorization, it does not work well in large organizations because 
> of the overhead of having to maintain the permissions for each user.
> Introducing roles into the authentication model would allow sets of 
> permissions to be controlled in one place as a role and then the role granted 
> to users. Roles should also be able to be granted to other roles to allow 
> hierarchical sets of permissions to be built up.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to