Thanks Ramesh and Bosco for chiming in and helping. I will put in the tracing
as suggested by Bosco.
Thanks a lot.
Anurag

On Thu, Apr 20, 2017 at 10:08 PM, Don Bosco Durai <bo...@apache.org> wrote:

> It’s been a while. Here are 2 classes I looked at:
>
> https://github.com/apache/cassandra/blob/81f6c784ce967fadb6ed7f58de1328e713eaf53c/src/java/org/apache/cassandra/auth/IAuthorizer.java
>
> https://github.com/apache/cassandra/blob/81f6c784ce967fadb6ed7f58de1328e713eaf53c/src/java/org/apache/cassandra/auth/CassandraAuthorizer.java
>
>
>
> I have not looked into how and when this method is called “Set<Permission>
> authorize(AuthenticatedUser user, IResource resource);”
>
>
>
> Anurag, if you have bandwidth, you can put some trace statements in the
> default implementation class and see whether it is called on each resource
> access.
>
>
>
> To give you some context, HBase uses a coprocessor, where you can do the
> permission check and it is called on each get/put/scan, etc. Apache
> Accumulo uses a different model, where the caller passes the security
> context/label and the Accumulo server just applies it (trusts the client).
> While in some other applications, during authentication the roles are
> retrieved and the roles are applied throughout the session.
>
>
>
> Understanding the model Cassandra uses will help us come up with the right
> strategy. If it follows the HBase/Hive model, then it should be pretty
> straightforward to write a Ranger plugin by implementing the IAuthorizer
> interface.
>
>
>
> Thanks
>
>
>
> Bosco
>
>
>
>
>
>
>
> *From: *Ramesh Mani <rm...@hortonworks.com>
> *Date: *Wednesday, April 19, 2017 at 3:56 PM
> *To: *"user@ranger.apache.org" <user@ranger.apache.org>, "
> d...@ranger.apache.org" <d...@ranger.apache.org>
> *Cc: *Don Bosco Durai <bo...@apache.org>, Madhan Neethiraj <
> mad...@apache.org>
> *Subject: *Re: ranger for cassandra
>
>
>
>
>
> Earlier I briefly reviewed the Cassandra authorizer, and it is an RBAC-based
> authorization model, which is not a straightforward fit into Ranger’s
> Attribute Based Access Control model.
>
>
>
> Including dev list also.
>
>
>
> Pinging Bosco / Madhan to give their thoughts.
>
>
>
> Thanks,
>
> Ramesh
>
>
>
> *From: *anurag gujral <anurag.guj...@gmail.com>
> *Reply-To: *"user@ranger.apache.org" <user@ranger.apache.org>
> *Date: *Wednesday, April 19, 2017 at 3:31 PM
> *To: *"user@ranger.apache.org" <user@ranger.apache.org>
> *Subject: *ranger for cassandra
>
>
>
> Hi All,
>
> Can you please share if there is any plan to support apache ranger for
> cassandra?
>
> Thanks,
>
> Anurag
>
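
The trace suggested in the thread above, as an added example that is not part of the original messages or of Cassandra's or Ranger's own code: a subclass of `CassandraAuthorizer` that counts and logs every `authorize` call and, at debug level, its call site. The package and class name `com.example.trace.TracingAuthorizer` are hypothetical; it assumes the Cassandra jars from the linked commit on the classpath and `authorizer: com.example.trace.TracingAuthorizer` in `cassandra.yaml`.

```java
package com.example.trace; // hypothetical package, not part of Cassandra or Ranger

import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;

import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.CassandraAuthorizer;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.auth.Permission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Wraps the default authorizer to show how often, and from where, authorize() runs. */
public class TracingAuthorizer extends CassandraAuthorizer
{
    private static final Logger logger = LoggerFactory.getLogger(TracingAuthorizer.class);

    // Running count of authorize() invocations since the node started.
    private static final AtomicLong calls = new AtomicLong();

    @Override
    public Set<Permission> authorize(AuthenticatedUser user, IResource resource)
    {
        long n = calls.incrementAndGet();
        long start = System.nanoTime();

        // Delegate the actual decision to the default implementation.
        Set<Permission> granted = super.authorize(user, resource);
        long micros = (System.nanoTime() - start) / 1_000;

        // One line per call: compare the counter with the number of
        // statements issued by the client to see whether every access is checked.
        logger.info("authorize #{} user={} resource={} granted={} took={}us",
                    n, user.getName(), resource.getName(), granted, micros);

        // The trailing Throwable makes slf4j print the stack, which shows
        // which code path (request handling, cache load, ...) triggered the call.
        if (logger.isDebugEnabled())
            logger.debug("authorize #{} call site", n, new Throwable("authorize call site"));

        return granted;
    }
}
```

Cassandra caches permission lookups for `permissions_validity_in_ms`, so the counter reflects cache misses rather than every statement unless that setting is 0 while tracing.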
