[ https://issues.apache.org/jira/browse/CASSANDRA-17501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Berenguer Blasi updated CASSANDRA-17501:
----------------------------------------
    Authors:   (was: Berenguer Blasi)

> Security admin separation of duties
> -----------------------------------
>
>                 Key: CASSANDRA-17501
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17501
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Feature/Authorization
>            Reporter: Berenguer Blasi
>            Assignee: Berenguer Blasi
>            Priority: Normal
>             Fix For: 4.x
>
>
> This ticket is about enabling a sort of security admin role.
> Think of a hospital with patient data which is very sensitive information. IT 
> should be able to grant/revoke/restrict access to the data without having 
> access to the data itself. This is the clear separation of duties between 
> admins and users of the database we're after.
> An example is along the lines:
> {noformat}
> As a superuser:
> CREATE KEYSPACE patientdata …;
> CREATE ROLE security_admin;
> GRANT security_admin TO admin_guy;
> GRANT AUTHORIZE FOR SELECT, MODIFY, EXECUTE ON patientdata TO security_admin;
> RESTRICT SELECT, MODIFY, EXECUTE ON KEYSPACE patientdata TO security_admin;
> As a security admin:
> GRANT SELECT ON patientdata TO new_nurse;
> GRANT SELECT, MODIFY ON patientdata TO doctor_house;
> {noformat}
>  Original idea of [~snazy]



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
