[
https://issues.apache.org/jira/browse/CASSANDRA-8303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14538492#comment-14538492
]
Aleksey Yeschenko commented on CASSANDRA-8303:
----------------------------------------------
[~jshook] It's not too late to change this - because it hasn't happened yet,
mostly.
But you'd have to propose an agreeable-upon implementation. How the API will
look (including changes to the current IAuthorizer, if you want to stock to
that), and how CQL for it will look like. If you do that, we'll see.
> Create a capability limitation framework
> ----------------------------------------
>
> Key: CASSANDRA-8303
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8303
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Anupam Arora
> Assignee: Sam Tunnicliffe
> Fix For: 3.x
>
>
> In addition to our current Auth framework that acts as a white list, and
> regulates access to data, functions, and roles, it would be beneficial to
> have a different, capability limitation framework, that would be orthogonal
> to Auth, and would act as a blacklist.
> Example uses:
> - take away the ability to TRUNCATE from all users but the admin (TRUNCATE
> itself would still require MODIFY permission)
> - take away the ability to use ALLOW FILTERING from all users but
> Spark/Hadoop (SELECT would still require SELECT permission)
> - take away the ability to use UNLOGGED BATCH from everyone (the operation
> itself would still require MODIFY permission)
> - take away the ability to use certain consistency levels (make certain
> tables LWT-only for all users, for example)
> Original description:
> Please provide a "strict mode" option in cassandra that will kick out any CQL
> queries that are expensive, e.g. any query with ALLOWS FILTERING,
> multi-partition queries, secondary index queries, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
