【发布时间】:2018-01-09 18:02:02
【问题描述】:
我有 1 个节点 cassandra 集群。我需要的是创建一个用户并为其添加一些角色。我已经完成了以下 datastax 示例:
CREATE KEYSPACE warehouse WITH REPLICATION = {'class':'SimpleStrategy',
'replication_factor':1};
USE warehouse;
CREATE TABLE addresses (
customer_id bigint,
address_id int,
address text,
PRIMARY KEY (customer_id, address_id)
);
CREATE ROLE supervisor;
GRANT SELECT ON warehouse.addresses TO supervisor;
CREATE ROLE pam WITH PASSWORD = 'password' AND LOGIN = true;
GRANT supervisor TO pam;
所以用户 Pam 只能从仓库地址中读取。但是,当我使用 pam 登录并从不同于warehouse.addresses 的 keyspace1.table 中选择数据时,会提供数据:
cqlsh xxx.x.xx.xx -u pam -p password
pam@cqlsh> select from keyspace1.table 1 where id= 1
Pam 能够在每个键空间中做任何事情,她是超级用户,我不明白为什么。当我列出 pam 的所有角色和权限时,一切都是正确的,超级用户是错误的。
我在 dse.yaml 中改变的是:
authentication_options:
enabled: true
default_scheme: internal
allow_digest_with_kerberos: false
plain_text_without_ssl: warn
transitional_mode: disabled
other_schemes:
scheme_permissions: false
role_management_options:
mode: internal
authorization_options:
enabled: true
transitional_mode: normal
allow_row_level_security: true
cassandra.yaml:
authenticator: com.datastax.bdp.cassandra.auth.DseAuthenticator
authorizer: com.datastax.bdp.cassandra.auth.DseAuthorizer
role_manager: com.datastax.bdp.cassandra.auth.DseRoleManager
【问题讨论】:
标签: authentication cassandra role