[
https://issues.apache.org/jira/browse/CASSANDRA-8163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14179908#comment-14179908
]
Aleksey Yeschenko commented on CASSANDRA-8163:
----------------------------------------------
It is a reasonable request, in theory, but unfortunately there is just no
straightforward way to implement it in current, or near-future version of
Cassandra.
Schema is stored in system.schema_* tables, and those are shared between all
the tables and keyspaces. DESCRIBE just goes and reads them, then recreates the
CREATE statements.
So for this to work, we'd need cql-row-level authorization in Cassandra, which
we don't have as of now - to limit access to specific rows (of system.schema_*
tables).
> Complete restriction of a user to given keyspace
> ------------------------------------------------
>
> Key: CASSANDRA-8163
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8163
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Vishy Kasar
>
> We have a cluster like this:
> project1_keyspace
> table101
> table102
> project2_keyspace
> table201
> table202
> We have set up following users and grants:
> project1_user has all access to project1_keyspace
> project2_user has all access to project2_keyspace
> However project1_user can still do a 'describe schema' and get the schema for
> project2_keyspace as well. We do not want project1_user to have any knowledge
> for project2 in any way (cqlsh/java-driver etc) .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
