> user ---n:m--- role ---n:m--- resource It can work, but Cassandra is not RDBMS as you know, so RDBMS-ish data modeling may not fit in production. (depends on your requirement on performance. I'm not sure.) In general you should better to desgin schema from your access pattern.
maki 2012/3/20 Maciej Miklas <mac.mik...@googlemail.com>: > Hi *, > > I would like to know your opinion about using Cassandra to implement a > RBAC-like authentication & authorization model. We have simplified the > central relationship of the general model > (http://en.wikipedia.org/wiki/Role-based_access_control) to: > > user ---n:m--- role ---n:m--- resource > > user(s) and resource(s) are indexed with externally visible identifiers. > These identifiers need to be "re-ownable" (think: mail aliases), too. > > The main reason to consider Cassandra is the availability, scalability and > (global) geo-redundancy. This is hard to achieve with a RBDMS. > > On the other side, RBAC has many m:n relations. While some inconsistencies > may be acceptable, resource ownership (i.e. role=owner) must never ever be > mixed up. > > What do you think? Is such relational model an antipattern for Cassandra > usage? Do you know similar solutions based on Cassandra? > > > Regards, > > Maciej > > > ps. I've posted this question also on stackoverflow, but I would like to > also get feedback from Cassandra community. > > > >
