> > What would prevent the security_admin from self-authorizing himself?
It is a valid point. :-) The idea is to have some mechanisms in place to prevent that kind of behavior. Of course people might still be able to collaborate to get access to some data but a single person should not be able to do that all by himself. Le mer. 30 mars 2022 à 14:52, Tibor Répási <tibor.rep...@anzix.org> a écrit : > I like the idea of separation of duties. But, wouldn’t be a security_admin > role not just a select and modify permission on system_auth? What would > prevent the security_admin from self-authorizing himself? > > Would it be possible to add some sort of two-man rule? > > On 30. Mar 2022, at 10:44, Berenguer Blasi <berenguerbl...@gmail.com> > wrote: > > Hi all, > > I would like to propose to add support for a sort of a security role that can > grant/revoke > permissions to a user to a resource (KS, table,...) but _not_ access the data > in that resource itself. Data may be sensitive, > have legal constrains, etc but this separation of duties should enable that. > Think of a hospital where > IT can grant/revoke permissions to doctors but IT should _not_ have access to > the data itself. > > I have created https://issues.apache.org/jira/browse/CASSANDRA-17501 with > more details. If anybody has > any concerns or questions with this functionality I will be happy to discuss > them. > > Thx in advance. > > >
