[ https://issues.apache.org/jira/browse/CASSANDRA-17502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tibor Repasi updated CASSANDRA-17502:
-------------------------------------
    Summary: Security enforcement by enabling "two-person concept" authorization  (was: Security enforcement by enabling "two-man rule" authorization)

> Security enforcement by enabling "two-person concept" authorization
> -------------------------------------------------------------------
>
>                 Key: CASSANDRA-17502
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17502
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Tibor Repasi
>            Priority: Normal
>
> Inspired by the
> [discussion|https://lists.apache.org/thread/4p92o2obvztkl12hvnrrmlw0cgtl391k]
> about improving security administration, the idea came up to enforce
> "two-man rule" grant of roles.
> Explanation from [Wikipedia|https://en.wikipedia.org/wiki/Two-man_rule]:
> {quote}The two-man rule is a control mechanism designed to achieve a high
> level of security for especially critical material or operations. Under this
> rule access and actions require the presence of two or more authorized people
> at all times.
> {quote}
> The idea can be summarised as having an option - e.g. GRANTORS - on roles to
> define how many grantors are needed for a user to have a specific role granted.
> Think about a keyspace containing highly sensitive data (e.g. patientdata)
> and a role - patientdata_access - allowing its grantees to access the data.
> {code}
> CREATE KEYSPACE patientdata …;
> CREATE ROLE patientdata_access WITH GRANTORS=2;
> GRANT SELECT, MODIFY ON patientdata TO patientdata_access;
> CREATE ROLE security_admin;
> GRANT AUTHORIZE patientdata_access TO security_admin;
> GRANT security_admin TO admin_guy1;
> GRANT security_admin TO admin_guy2;
> GRANT security_admin TO admin_guy3;
> {code}
> Security admins are allowed to grant the role, but it would need at least two
> of them (as defined by GRANTORS) to do so to allow the user to actually
> access the data.
> Thus,
> {code}
> GRANT patientdata_access TO doctor_house;
> {code}
> must be conducted by at least two different admin_guys of the available ones
> above.
> When GRANTORS defaults to 1, the default behaviour of roles doesn't change.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
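
A minimal model of the GRANTORS semantics proposed in the issue above, added here as an illustration; it is not part of the Jira issue or of Cassandra's code. The class and method names are hypothetical, and it assumes that approvals are counted per distinct grantor holding AUTHORIZE on the role and that a repeated GRANT by the same admin does not count twice.

```python
# Added illustration: toy model of the proposed GRANTORS quorum, not Cassandra code.
from collections import defaultdict


class QuorumRoleManager:
    """Tracks which distinct admins have issued GRANT <role> TO <grantee>."""

    def __init__(self):
        self.required = {}                    # role -> GRANTORS value
        self.authorizers = defaultdict(set)   # role -> principals with AUTHORIZE on it
        self.approvals = defaultdict(set)     # (role, grantee) -> distinct grantors so far

    def create_role(self, role, grantors=1):
        # GRANTORS defaults to 1, which keeps today's single-grantor behaviour.
        if grantors < 1:
            raise ValueError("GRANTORS must be at least 1")
        self.required[role] = grantors

    def allow_authorize(self, role, principal):
        # Stands in for the AUTHORIZE permission reaching an admin via security_admin.
        self.authorizers[role].add(principal)

    def grant(self, grantor, role, grantee):
        """Record one GRANT; return True once the role is effective for grantee."""
        if grantor not in self.authorizers[role]:
            raise PermissionError(f"{grantor} may not grant {role}")
        # A set keeps grantors distinct, so one admin cannot satisfy the quorum alone.
        self.approvals[(role, grantee)].add(grantor)
        return self.is_effective(role, grantee)

    def is_effective(self, role, grantee):
        return len(self.approvals[(role, grantee)]) >= self.required.get(role, 1)


def demo():
    """Replays the issue's scenario with the role and admin names it uses."""
    m = QuorumRoleManager()
    m.create_role("patientdata_access", grantors=2)
    for admin in ("admin_guy1", "admin_guy2", "admin_guy3"):
        m.allow_authorize("patientdata_access", admin)
    return [
        m.grant("admin_guy1", "patientdata_access", "doctor_house"),  # first approval
        m.grant("admin_guy1", "patientdata_access", "doctor_house"),  # same admin again
        m.grant("admin_guy2", "patientdata_access", "doctor_house"),  # second distinct admin
    ]


if __name__ == "__main__":
    print(demo())
```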