We are using Cassandra 0.8.7 and building a multi-tenant cassandra platform where we have a common KS and common CFs for all tenants. By using Hector's virtual keyspaces, we are able to add modify rowkeys to have a tenant specific id. (Note that we do not allow tenants to modify/create KS/CF. We just allow tenants to write and read data) However we are in the process of adding authentication and authorization on top of this platform such that no tenant should be able to retrieve data belonging to any other tenant.
By configuring Cassandra for security using the documentation here - http://www.datastax.com/docs/0.8/configuration/authentication , we were able to apply the security constraints on the common keyspace and common CFs. However this does not prevent a tenant from retrieving data belonging to another tenant. For this to happen, we would need to have separate CFs and/or keyspaces for each tenant. Looking for more information on the topic here http://cassandra-user-incubator-apache-org.3065146.n2.nabble.com/Re-Multi-tenancy-and-authentication-and-authorization-td5935230.htmland other places, it looks like the recommendation is "not" to create separate CFs and KSs for every tenant as this would have impacts on Memtables and other memory issues. Does this recommendation still hold good? With jiras like https://issues.apache.org/jira/browse/CASSANDRA-2006resolved, does it mean we can now create multiple (but limited) CFs and KSs? More generally, how do we prevent a tenant from intentional/accidental data manipulation of data owned by another tenant? (given that all tenants will provide the right credentials)
