[
https://issues.apache.org/jira/browse/CASSANDRA-8163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14179943#comment-14179943
]
Sylvain Lebresne commented on CASSANDRA-8163:
---------------------------------------------
bq. So for this to work, we'd need cql-row-level authorization in Cassandra
Another somewhat simple option could be to just restrict queries directly.
Intercepting queries to schema tables to check that there are not violating
users restrictions (or even silently restricting them to what's authorized)
might be slightly annoying but certainly simpler than introducing cql-row-level
authorization.
> Complete restriction of a user to given keyspace
> ------------------------------------------------
>
> Key: CASSANDRA-8163
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8163
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Vishy Kasar
>
> We have a cluster like this:
> project1_keyspace
> table101
> table102
> project2_keyspace
> table201
> table202
> We have set up following users and grants:
> project1_user has all access to project1_keyspace
> project2_user has all access to project2_keyspace
> However project1_user can still do a 'describe schema' and get the schema for
> project2_keyspace as well. We do not want project1_user to have any knowledge
> for project2 in any way (cqlsh/java-driver etc) .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
