Pavel Yaskevich created CASSANDRA-4490:
------------------------------------------
Summary: Improve IAuthority interface by introducing fain-grained
access permissions and grant/revoke commands.
Key: CASSANDRA-4490
URL: https://issues.apache.org/jira/browse/CASSANDRA-4490
Project: Cassandra
Issue Type: Improvement
Components: Core
Reporter: Pavel Yaskevich
Assignee: Pavel Yaskevich
Priority: Minor
Fix For: 1.1.4
In order to improve IAuthority interface I propose to add the following new
permissions: USE, SELECT, CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, ALL,
NONE. And the following new commands to the CQL 3.0 which would give users
possibility (with appropriate implementation) to dynamically change user's
rights to access system objects:
GRANT <permission> ON <resource> TO <user> [WITH GRANT OPTION];
REVOKE <permission> ON <resource> FROM <user_name>;
LIST GRANTS FOR <user>; // Not 'SHOW' because it's reserved for cqlsh for
commands like 'show cluster'
where <resource> is Keyspace or ColumnFamily (initially, but extendable to
indexes or configration options in the future), and <permission> is listed
above.
To keep the system backward compatible with old authorization interface
implementations Permission class would include the mappings of the new to old
permissions:
READ -> USE, SELECT
WRITE -> USE, CREATE, ALTER, DROP, INSERT, UPDATE, DELETE
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
