[
https://issues.apache.org/jira/browse/CASSANDRA-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12893689#action_12893689
]
Eric Evans edited comment on CASSANDRA-1237 at 7/29/10 12:31 PM:
-----------------------------------------------------------------
On the one hand, decoupling access levels seems like a Good Move, and from that
stand-point this is an improvement over the status quo, but I disagree with the
decision to bundle the access levels in keyspace definitions.
Wouldn't it be reasonable to create another interface (IAuthority or whatever)
and off-load how access levels are persisted to implementations (similar to how
it is done with IAuthenticator)?
-1 (in the ASF-sense), I believe this should be rolled back.
EDIT: and I do apologize for coming into this late, as opposed to when it was
actively being discussed.
was (Author: urandom):
On the one hand, decoupling access levels seems like a Good Move, and from
that stand-point this is an improvement over the status quo, but I disagree
with the decision to bundle the access levels in keyspace definitions.
Wouldn't it be reasonable to create another interface (IAuthority or whatever)
and off-load how access levels are persisted to implementations (similar to how
it is done with IAuthenticator)?
-1 (in the ASF-sense), I believe this should be rolled back.
> Store AccessLevels externally to IAuthenticator
> -----------------------------------------------
>
> Key: CASSANDRA-1237
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1237
> Project: Cassandra
> Issue Type: Bug
> Components: Core
> Reporter: Stu Hood
> Assignee: Stu Hood
> Fix For: 0.7 beta 1
>
> Attachments:
> 0001-Consolidate-KSMetaData-mutations-into-copy-methods.patch,
> 0002-Thrift-and-Avro-interface-changes.patch,
> 0003-Add-user-and-group-access-maps-to-Keyspace-metadata.patch,
> 0004-Remove-AccessLevel-return-value-from-login-and-retur.patch,
> 0005-Move-per-thread-state-into-a-ClientState-object-1-pe.patch,
> 0006-Apply-access.properties-to-keyspaces-during-an-upgra.patch,
> sample-usage.patch
>
>
> Currently, the concept of authentication (proving the identity of a user) is
> mixed up with permissions (determining whether a user is able to
> create/read/write databases). Rather than determining the permissions that a
> user has, the IAuthenticator should only be capable of authenticating a user,
> and permissions (specifically, an AccessLevel) should be stored consistently
> by Cassandra.
> The primary goal of this ticket is to separate AccessLevels from
> IAuthenticators, and to persist a map of User->AccessLevel along with:
> * EDIT: Separating the addition of 'global scope' permissions into a separate
> ticket
> * each keyspace, where the AccessLevel continues to have its current meaning
> ----
> In separate tickets, we would like to improve the AccessLevel structure so
> that it can store role/permission bits independently, rather than being level
> based.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
