We are working on a multi-tenant solution using Cassandra and would like to have a finer control on what each tenant can access. Initially, we were thinking of putting the required logic in the application layer using a separate database but it is good if Cassandra can handle most of it for us.
1. Dynamic creation/deletion of users using client APIs (thrift) and CQL.
2. Ability to perform authorization at keyspace, column family level (already there) and change it on the fly.
3. Ability to perform (dynamic) authorization at row-key level . In our case, we can have (related) rows which store same kind of data. So we have rows keys like X_Week1, X_Week2.... to store data related to X (it is time-series data). Great if we can specify an authorization setting like X_* to give access to all X data.
4. I guess this one is specific to our data model and I may be asking for too much here. Authorization at column name level and again ability to change this on the fly. If the column names are timestamps, I want to restrict data access based on the time. e.g. Give access for X (row keys with X_*) but only include the columns which fall in the range col_low - col_high. The output in this case will come from multiple rows.
I am not sure if I understand your other question 'internal to Cassandra/DSE vs having the ability to tie into an external system'. When you say external system do you mean a separate database and library to implement authentication/authorization and Cassandra using its services? I guess that would be better than making this whole thing reside in Cassandra.