It’s been a while. Here are 2 classes I looked at:

https://github.com/apache/cassandra/blob/81f6c784ce967fadb6ed7f58de1328e713eaf53c/src/java/org/apache/cassandra/auth/IAuthorizer.java

https://github.com/apache/cassandra/blob/81f6c784ce967fadb6ed7f58de1328e713eaf53c/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java

I have not looked into how and when this method is called:
“Set<Permission> authorize(AuthenticatedUser user, IResource resource);”

Anurag, if you have bandwidth, you can put some trace statements in the default 
implementation class and see whether it is called on each resource access.

To give you some context, HBase uses a coprocessor, where you can do the 
permission check, and it is called on each get/put/scan, etc. Apache Accumulo 
uses a different model, where the caller passes the security context/label and 
the Accumulo server just applies it (trusts the client). In some other 
applications, during authentication the roles are retrieved and the roles are 
applied throughout the session.

Understanding the model Cassandra uses will help us come up with the right 
strategy. If it follows the HBase/Hive model, then it should be pretty 
straightforward to write a Ranger plugin by implementing the IAuthorizer interface.

Thanks

Bosco

From: Ramesh Mani <rm...@hortonworks.com>
Date: Wednesday, April 19, 2017 at 3:56 PM
To: "user@ranger.apache.org" <user@ranger.apache.org>, "d...@ranger.apache.org" 
<d...@ranger.apache.org>
Cc: Don Bosco Durai <bo...@apache.org>, Madhan Neethiraj <mad...@apache.org>
Subject: Re: ranger for cassandra

Earlier I briefly reviewed the Cassandra authorizer, and it is an RBAC-based 
authorization model, which is not a straightforward fit for Ranger’s 
Attribute-Based Access Control model.

Including dev list also.

Pinging Bosco / Madhan to give their thoughts.

Thanks,

Ramesh

From: anurag gujral <anurag.guj...@gmail.com>
Reply-To: "user@ranger.apache.org" <user@ranger.apache.org>
Date: Wednesday, April 19, 2017 at 3:31 PM
To: "user@ranger.apache.org" <user@ranger.apache.org>
Subject: ranger for cassandra

Hi All, 

Can you please share if there is any plan to support apache ranger for 
cassandra?

Thanks,

Anurag
