[jira] [Updated] (CASSANDRA-8303) Create a capability limitation framework

Tue, 10 Feb 2015 15:48:28 -0800 

     [ 
https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aleksey Yeschenko updated CASSANDRA-8303:
-----------------------------------------
    Description: 
In addition to our current Auth framework that acts as a white list, and 
regulates access to data, functions, and roles, it would be beneficial to have 
a different, capability limitation framework, that would be orthogonal to Auth, 
and would act as a blacklist.

Example uses:
- take away the ability to TRUNCATE from all users but the admin (TRUNCATE 
itself would still require MODIFY permission)
- take away the ability to use ALLOW FILTERING from all users but Spark/Hadoop 
(SELECT would still require SELECT permission)
- take away the ability to use UNLOGGED BATCH from everyone (the operation 
itself would still require MODIFY permission)
- take away the ability to use certain consistency levels (make certain tables 
LWT-only for all users, for example)

Original description:
Please provide a "strict mode" option in cassandra that will kick out any CQL 
queries that are expensive, e.g. any query with ALLOWS FILTERING, 
multi-partition queries, secondary index queries, etc.

  was:Please provide a "strict mode" option in cassandra that will kick out any 
CQL queries that are expensive, e.g. any query with ALLOWS FILTERING, 
multi-partition queries, secondary index queries, etc.


> Create a capability limitation framework
> ----------------------------------------
>
>                 Key: CASSANDRA-8303
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Anupam Arora
>             Fix For: 3.0
>
>
> In addition to our current Auth framework that acts as a white list, and 
> regulates access to data, functions, and roles, it would be beneficial to 
> have a different, capability limitation framework, that would be orthogonal 
> to Auth, and would act as a blacklist.
> Example uses:
> - take away the ability to TRUNCATE from all users but the admin (TRUNCATE 
> itself would still require MODIFY permission)
> - take away the ability to use ALLOW FILTERING from all users but 
> Spark/Hadoop (SELECT would still require SELECT permission)
> - take away the ability to use UNLOGGED BATCH from everyone (the operation 
> itself would still require MODIFY permission)
> - take away the ability to use certain consistency levels (make certain 
> tables LWT-only for all users, for example)
> Original description:
> Please provide a "strict mode" option in cassandra that will kick out any CQL 
> queries that are expensive, e.g. any query with ALLOWS FILTERING, 
> multi-partition queries, secondary index queries, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to