[ https://issues.apache.org/jira/browse/CASSANDRA-7216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14002664#comment-14002664 ]
Dave Brosius commented on CASSANDRA-7216: ----------------------------------------- certainly this is very functional and nice and simple, but it does so being completely a manually tracked feature, something that some management tool, say, DSE, wouldn't be able to manage. C* has been historically a more user-less system than other dbs, so i guess this is fine if this is just to cover a one-off type case. If however, user management is going to be a much bigger part going forward, i'd want something more centrally manageable. > Restricted superuser account request > ------------------------------------ > > Key: CASSANDRA-7216 > URL: https://issues.apache.org/jira/browse/CASSANDRA-7216 > Project: Cassandra > Issue Type: Improvement > Reporter: Oded Peer > Assignee: Dave Brosius > Priority: Minor > Fix For: 3.0 > > Attachments: 7216-POC.txt, 7216.txt > > > I am developing a multi-tenant service. > Every tenant has its own user, keyspace and can access only his keyspace. > As new tenants are provisioned there is a need to create new users and > keyspaces. > Only a superuser can issue CREATE USER requests, so we must have a super user > account in the system. On the other hand super users have access to all the > keyspaces, which poses a security risk. > For tenant provisioning I would like to have a restricted account which can > only create new users, without read access to keyspaces. -- This message was sent by Atlassian JIRA (v6.2#6252)