Store AuthLevels externally to IAuthenticator
---------------------------------------------
Key: CASSANDRA-1237
URL: https://issues.apache.org/jira/browse/CASSANDRA-1237
Project: Cassandra
Issue Type: Bug
Components: Core
Reporter: Stu Hood
Assignee: Stu Hood
Fix For: 0.7
Currently, the concept of authentication (proving the identity of a user) is
mixed up with permissions (determining whether a user is able to
create/read/write databases). Rather than determining the permissions that a
user has, the IAuthenticator should only be capable of authenticating a user,
and permissions (specifically, an AuthLevel) should be stored consistently by
Cassandra.
The primary goal of this ticket is to separate AuthLevels from IAuthenticators,
and to persist a map of User->AuthLevel along with:
* the global scope, where the AuthLevel refers to permission to read/write to
the list of keyspaces
* each keyspace, where the AuthLevel continues to have its current meaning
----
In separate tickets, we would like to improve the AuthLevel structure so that
it can store role/permission bits independently, rather than being level based.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
