Author: eevans Date: Wed Oct 6 15:19:28 2010 New Revision: 1005083 URL: http://svn.apache.org/viewvc?rev=1005083&view=rev Log: document authorization changes
Patch by eevans for CASSANDRA-1554 Modified: cassandra/trunk/CHANGES.txt cassandra/trunk/NEWS.txt cassandra/trunk/conf/access.properties Modified: cassandra/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/cassandra/trunk/CHANGES.txt?rev=1005083&r1=1005082&r2=1005083&view=diff ============================================================================== --- cassandra/trunk/CHANGES.txt (original) +++ cassandra/trunk/CHANGES.txt Wed Oct 6 15:19:28 2010 @@ -11,6 +11,7 @@ dev * fix moving nodes with no keyspaces defined (CASSANDRA-1574) * fix unbootstrap when no data is present in a transfer range (CASSANDRA-1573) * take advantage of AVRO-495 to simplify our avro IDL (CASSANDRA-1436) + * extend authorization hierarchy to column family (CASSANDRA-1554) 0.7-beta2 Modified: cassandra/trunk/NEWS.txt URL: http://svn.apache.org/viewvc/cassandra/trunk/NEWS.txt?rev=1005083&r1=1005082&r2=1005083&view=diff ============================================================================== --- cassandra/trunk/NEWS.txt (original) +++ cassandra/trunk/NEWS.txt Wed Oct 6 15:19:28 2010 @@ -26,6 +26,8 @@ Features - Dynamic endpoint snitch mitigates the impact of impaired nodes - New `IntegerType`, faster than LongType and allows integers of both less and more bits than Long's 64 + - A revamped authentication system that decouples authorization and + allows finer-grained control of resources. Upgrading --------- @@ -87,6 +89,12 @@ Configuraton - Keyspace and column family definitions will need to be loaded via "bin/schematool <host> <jmxport> import". _You only need to do this to one node_. + - In addition to an authenticator, an authority must be configured as + well. Users of SimpleAuthenticator should use SimpleAuthority for this + value (the default is AllowAllAuthority, which corresponds with + AllowAllAuthenticator). + - The format of access.properties has changed, see the sample configuration + conf/access.properties for documentation on the new format. JMX Modified: cassandra/trunk/conf/access.properties URL: http://svn.apache.org/viewvc/cassandra/trunk/conf/access.properties?rev=1005083&r1=1005082&r2=1005083&view=diff ============================================================================== --- cassandra/trunk/conf/access.properties (original) +++ cassandra/trunk/conf/access.properties Wed Oct 6 15:19:28 2010 @@ -14,12 +14,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This is a sample access file for SimpleAuthority. The format of -# this file is keyspace=users, where users is a comma delimited list of -# authenticatable users from passwd.properties. This file contains -# potentially sensitive information, keep this in mind when setting its -# mode and ownership. +# This is a sample access file for SimpleAuthority. The format of this file +# is KEYSPACE[.COLUMNFAMILY].PERMISSION=USERS, where: # +# * KEYSPACE is the keyspace name. +# * COLUMNFAMILY is the column family name. +# * PERMISSION is one of <ro> or <rw> for read-only or read-write respectively. +# * USERS is a comma delimited list of users from passwd.properties. +# +# See below for example entries. + +# NOTE: This file contains potentially sensitive information, please keep +# this in mind when setting its mode and ownership. + # The magical '<modify-keyspaces>' property lists users who can modify the # list of keyspaces: all users will be able to view the list of keyspaces. <modify-keyspaces>=jsmith