[
https://issues.apache.org/jira/browse/CASSANDRA-14471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16513577#comment-16513577
]
Benjamin Lerer edited comment on CASSANDRA-14471 at 6/15/18 9:16 AM:
---------------------------------------------------------------------
I have several concerns with your proposal.
# Trying to treat audit logging in a similar way to the roles/permissions
seems wrong to me. The 2 have completely different logic and should be clearly
separated at the code level.
# The {{MUTE}}/{{UNMUTE}} syntax is in my opinion confusing. It is also
limited because it only allow you to do a white list approach. I would rather
prefer a syntax similar to what
[Transact-SQL|https://docs.microsoft.com/en-us/sql/t-sql/statements/create-server-audit-transact-sql?view=sql-server-2017]
is doing.
# The approach that you would like to use for persisting the whitelists is
risky. If one of your node cannot get the data from the configuration table it
might be unable to start (this problem is an existing one with the current auth
framework). It is the main reason why the configuration is usually read at
startup from the yaml file and overidding is allowed through JMX.
was (Author: blerer):
I have several concerns with your proposal.
# Trying to treat audit logging in a similar way to the roles/permissions
seems wrong to me. The 2 have completely different logic and should be clearly
separated at the code level.
# The {{MUTE}}/{{UNMUTE}} syntax is in my opinion confusing. It is also
limited because it only allow you to do a white list approach. I would rather
prefer a syntax similar to what
[Transact-SQL|https://docs.microsoft.com/en-us/sql/t-sql/statements/create-server-audit-transact-sql?view=sql-server-2017]
is doing.
# The approach that you would like to use for persisting the whitelists is
risky. If one of your node cannot get quorum on the configuration table it
might be unable to start (this problem is an existing one with the current auth
framework). It is the main reason why the configuration is usually read at
startup from the yaml file and overidding is allowed through JMX.
> Manage audit whitelists with CQL
> --------------------------------
>
> Key: CASSANDRA-14471
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14471
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Per Otterström
> Priority: Major
> Labels: audit, security
> Fix For: 4.0
>
>
> Since CASSANDRA-12151 is merged we have support for audit logs in Cassandra.
> With this ticket I want to explore the idea of managing audit whitelists
> using CQL.
> I can think of a few different benefits compared to current yaml-based
> whitelist/blacklist approach.
> * Nodes would always be aligned - no risk that node configuraiton go out of
> sync as tables are added and whitelists updated.
> * Easier to manage whitelists in large clusters - change in one place and
> apply cluster wide.
> * Changes to the whitelists would be in the audit log itself.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
