[ https://issues.apache.org/jira/browse/CASSANDRA-12151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16383488#comment-16383488 ]
Stefan Podkowinski commented on CASSANDRA-12151:
------------------------------------------------

[~vinaykumarcse] wrote:
bq. Seems like a complicated configuration, would like to understand the use cases more here and see if anyone else needs this functionality. All the use cases that I see here are Auditing at the cluster or no auditing, but not specific to user. I would love to hear if there are any other users with this use case.

Usually you'll see two kinds of users on production systems: privileged users and application users. Auditing privileged users (admins or developers) will almost always make sense, in order to be able to detect unauthorized access and data manipulation. There's only a limited amount of statements to log, as these will be executed manually. It also shouldn't matter which keyspaces or tables are accessed by the user; he is either monitored or not.

However, auditing queries of application users has a very limited security and data privacy benefit, but adds a great deal of load to the database. Those queries will be automatically generated by the application and there will be no way to tell if the query or statement was authorized, as you don't know on behalf of whom it was executed. Any auditing functionality for these operations must therefore take place at application level. E.g. a help desk tool, which is used by a support employee to access personal data of a customer in Cassandra, must keep an activity log for that directly. It doesn't make sense to log queries for the generic help desk tool Cassandra user on the database side.

Therefore we need a way to enable CQL query auditing on user level.

> Audit logging for database activity
> -----------------------------------
>
> Key: CASSANDRA-12151
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12151
> Project: Cassandra
> Issue Type: New Feature
> Reporter: stefan setyadi
> Assignee: Vinay Chella
> Priority: Major
> Fix For: 4.x
>
> Attachments: 12151.txt, DesignProposal_AuditingFeature_ApacheCassandra_v1.docx
>
>
> We would like a way to enable Cassandra to log database activity being done on our server.
> It should show username, remote address, timestamp, action type, keyspace, column family, and the query statement.
> It should also be able to log connection attempt and changes to the user/roles.
> I was thinking of making a new keyspace and insert an entry for every activity that occurs.
> Then it would be possible to query for specific activity or a query targeting a specific keyspace and column family.