http://www.datastax.com/support-forums/tags/authorization Software, Support, and Training for Apache Cassandra en-US Wed, 19 Jun 2013 00:34:18 +0000 http://bbpress.org/?v=1.0.3 q http://www.datastax.com/support-forums/search.php http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2426 Wed, 27 Jun 2012 14:26:40 +0000 mbulman 2426@http://www.datastax.com/support-forums/ <p>Thanks for the feedback, Ajay. When I say external, I mean tying into a system (eg, LDAP) that is responsible for storing user auth data -- as opposed to C*/DSE storing it internally. </p> http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2396 Tue, 26 Jun 2012 13:37:31 +0000 singh.ajay1983 2396@http://www.datastax.com/support-forums/ <p>Hi Mike,</p> <p>We are working on a multi-tenant solution using Cassandra and would like to have a finer control on what each tenant can access. Initially, we were thinking of putting the required logic in the application layer using a separate database but it is good if Cassandra can handle most of it for us.</p> <p>1. Dynamic creation/deletion of users using client APIs (thrift) and CQL.</p> <p>2. Ability to perform authorization at keyspace, column family level (already there) and change it on the fly.</p> <p>3. Ability to perform (dynamic) authorization at row-key level . In our case, we can have (related) rows which store same kind of data. So we have rows keys like X_Week1, X_Week2.... to store data related to X (it is time-series data). Great if we can specify an authorization setting like X_* to give access to all X data.</p> <p>4. I guess this one is specific to our data model and I may be asking for too much here. Authorization at column name level and again ability to change this on the fly. If the column names are timestamps, I want to restrict data access based on the time. e.g. Give access for X (row keys with X_*) but only include the columns which fall in the range col_low - col_high. The output in this case will come from multiple rows.</p> <p>I am not sure if I understand your other question 'internal to Cassandra/DSE vs having the ability to tie into an external system'. When you say external system do you mean a separate database and library to implement authentication/authorization and Cassandra using its services? I guess that would be better than making this whole thing reside in Cassandra.</p> <p>Thanks<br /> Ajay </p> http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2362 Mon, 25 Jun 2012 16:57:05 +0000 mbulman 2362@http://www.datastax.com/support-forums/ <p>Ajay,</p> <p>We'd love to hear more about what types of improvements you're looking for. Would you prefer for everything to be internal to Cassandra/DSE, or have the ability to tie into an external system?</p> <p>How granular would you need the authorization to be? </p> http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2357 Mon, 25 Jun 2012 15:29:05 +0000 xedin 2357@http://www.datastax.com/support-forums/ <p>There are no tickets yet but you are welcome to create one to draw attention to the problem, currently the way out for you is to implement IAuthority and IAuthenticator interfaces and replace default ones in the conf/cassandra.yaml. </p> http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2356 Mon, 25 Jun 2012 15:25:06 +0000 singh.ajay1983 2356@http://www.datastax.com/support-forums/ <p>Thanks Xedin. Is there a jira tracker for this ? I want to get some idea about the security features which are being discussed. It will help me take a decision on the authentication/authorization aspect of my project. </p> http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2355 Mon, 25 Jun 2012 15:04:45 +0000 xedin 2355@http://www.datastax.com/support-forums/ <p>Yeah, there are few plans to add stronger authentication/authorization schemes to the DSE currently in review and probably Cassandra native authorization scheme compatibile with CQL in upcoming 1.3 (or if time would be sufficient in 1.2) release. </p> http://www.datastax.com/support-forums/topic/cassandra-security-features#post-2354 Mon, 25 Jun 2012 12:39:57 +0000 singh.ajay1983 2354@http://www.datastax.com/support-forums/ <p>Hi All,</p> <p>Are there plans to improve Cassandra security features in the coming releases? The present authentication and authorization mechanism is file based (as of 1.0) and is of limited use. We need features like adding/removing users dynamically through client APIs and CQL. We also need dynamic control over authorization.</p> <p>Thanks<br /> Ajay </p> http://www.datastax.com/support-forums/topic/opscenter-and-cassandra-running-with-simpleauthority#post-1257 Wed, 29 Feb 2012 17:19:48 +0000 mbulman 1257@http://www.datastax.com/support-forums/ <p>There are some column families missing from the OpsCenter keyspace you have listed (mainly rollup_* column families). Be sure to list those and things should work for you. Keep in mind you'll have to set proper permissions for any keyspaces/column families you'd like OpsCenter to manage. </p> http://www.datastax.com/support-forums/topic/opscenter-and-cassandra-running-with-simpleauthority#post-1246 Mon, 27 Feb 2012 22:12:08 +0000 Anonymous 1246@http://www.datastax.com/support-forums/ <p>With Cassandra authorization set to org.apache.cassandra.auth.SimpleAuthority, what access properties are required by opscenter? Are the access properties below sufficient?</p> <p>&lt;modify-keyspaces&gt;=opscenter<br /> OpsCenter.&lt;rw&gt;=opscenter<br /> OpsCenter.events.&lt;rw&gt;=opscenter<br /> OpsCenter.events_timeline.&lt;rw&gt;=opscenter<br /> OpsCenter.pdps.&lt;rw&gt;=opscenter<br /> OpsCenter.settings.&lt;rw&gt;=opscenter<br /> MyKeyspace.MyColumnFamily.&lt;ro&gt;=opscenter </p>