I like the idea of separation of duties. But wouldn’t a security_admin role be just a select and modify permission on system_auth? What would prevent the security_admin from self-authorizing himself?
Would it be possible to add some sort of two-man rule?

> On 30. Mar 2022, at 10:44, Berenguer Blasi <berenguerbl...@gmail.com> wrote:
>
> Hi all,
>
> I would like to propose to add support for a sort of a security role that can
> grant/revoke permissions to a user to a resource (KS, table,...) but _not_
> access the data in that resource itself. Data may be sensitive, have legal
> constraints, etc but this separation of duties should enable that. Think of a
> hospital where IT can grant/revoke permissions to doctors but IT should _not_
> have access to the data itself.
>
> I have created https://issues.apache.org/jira/browse/CASSANDRA-17501 with more
> details. If anybody has any concerns or questions with this functionality I
> will be happy to discuss them.
>
> Thx in advance.