1 // For Developer Machine single instance
4 WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
// From Ravi, 6-17-2014. Used for DEVL->TEST
8 // CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'HYWRCA02': '2', 'BRHMALDC': '2' };
12 // CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','ALPSGACT': '2','STLSMORC': '2','BRHMALDC': '2' };
// create user authz with password '<AUTHZ PASSWORD>' superuser; // NOTE: superuser is cluster-wide, not keyspace-scoped; the keyspace grant on the next line is likely all the authz application needs
15 // grant all on keyspace authz to authz;
17 // For TEST (aaf_test)
18 // CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'BRHMALDC': '1' };
21 // CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '2' };
24 // CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC': '3','KGMTNC20': '3' };
27 // CREATE KEYSPACE authz WITH replication = {'class': 'NetworkTopologyStrategy','STLSMORC':'3',
28 // 'DLLSTXCF':'3','KGMTNC20':'3','SFLDMIBB':'3','HYWRCA02':'3' };
// With 6 nodes localized with ccm
31 // CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
// CORE Table functions
40 // Namespace - establish hierarchical authority to modify
41 // Permissions and Roles
// "scope" is a flag to determine Policy. Typical important scope
46 scope int, // deprecated 2.0.11
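// Secondary index on ns.parent; keyword case normalized to match the other CREATE INDEX statements in this file
CREATE INDEX ns_parent ON ns(parent);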
55 // Oct 2015, not performant. Made Owner and Attrib first class Roles,
// April, 2015. Originally, the plan was to utilize Cassandra 2.1.2; however, other teams' preferences were to remain at current levels.
57 // Therefore, we are taking the separate table approach. (coder Jeremiah Rohwedder)
58 // We had dropped this by making first class objects of Responsible (Owner) and Admin. We need this again to mark namespaces
59 // as having certain tools, like SWM, etc.
60 CREATE TABLE ns_attrib (
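// Secondary index on ns_attrib.key; keyword case normalized to match the other CREATE INDEX statements in this file
CREATE INDEX ns_attrib_key ON ns_attrib(key);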
72 perms set<varchar>, // Use "Key" of "name|type|action"
// Secondary index on role.name
CREATE INDEX role_name
    ON role(name);
84 roles set<varchar>, // Need to find Roles given Permissions
86 PRIMARY KEY (ns,type,instance,action)
// This table is used for Authorization
90 CREATE TABLE user_role (
92 role varchar, // deprecated: change to ns/rname after 2.0.11
96 PRIMARY KEY(user,role)
// Secondary indexes on user_role.ns and user_role.role
CREATE INDEX user_role_ns
    ON user_role(ns);
CREATE INDEX user_role_role
    ON user_role(role);
101 // This table is only for the case where return User Credential (MechID) Authentication
111 PRIMARY KEY (id,type,expires)
// Secondary index on cred.ns
CREATE INDEX cred_ns
    ON cred(ns);
115 // Certificate Cross Table
116 // coordinated with CRED type 2
122 PRIMARY KEY (fingerprint)
// Secondary indexes on cert.id and cert.x500
CREATE INDEX cert_id
    ON cert(id);
CREATE INDEX cert_x500
    ON cert(x500);
127 CREATE TABLE notify (
132 PRIMARY KEY (user,type)
141 PRIMARY KEY (ca,serial)
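// Secondary indexes on x509.id and x509.x500; "table(column)" spacing normalized to match the other CREATE INDEX statements in this file
CREATE INDEX x509_id ON x509(id);
CREATE INDEX x509_x500 ON x509(x500);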
149 // Deployment Artifact (for Certman)
151 CREATE TABLE artifact (
163 PRIMARY KEY (mechid,machine)
// Secondary index on artifact.machine
CREATE INDEX artifact_machine
    ON artifact(machine);
168 // Non-Critical Table functions
170 // Table Info - for Caching
173 seg int, // cache Segment
175 PRIMARY KEY(name,seg)
178 CREATE TABLE history (
183 target varchar, // user, user_role,
184 subject varchar, // field for searching main portion of target key
185 memo varchar, //description of the action
186 reconstruct blob, //serialized form of the target
187 // detail Map<varchar, varchar>, // additional information
// Secondary indexes on history.yr_mon, history.user and history.subject
CREATE INDEX history_yr_mon
    ON history(yr_mon);
CREATE INDEX history_user
    ON history(user);
CREATE INDEX history_subject
    ON history(subject);
195 // A place to hold objects to be created at a future time.
197 CREATE TABLE future (
199 target varchar, // Target Table
200 memo varchar, // Description
201 start timestamp, // When it should take effect
expires timestamp, // When no longer valid
203 construct blob, // How to construct this object (like History)
// Secondary indexes on future.target and future.start
CREATE INDEX future_idx
    ON future(target);
CREATE INDEX future_start_idx
    ON future(start);
210 CREATE TABLE approval (
211 id timeuuid, // unique Key
212 ticket uuid, // Link to Future Record
213 user varchar, // the user who needs to be approved
214 approver varchar, // user approving
215 type varchar, // approver types i.e. Supervisor, Owner
216 status varchar, // approval status. pending, approved, denied
217 memo varchar, // Text for Approval to know what's going on
218 operation varchar, // List operation to perform
// Secondary indexes on approval.approver, approval.user, approval.ticket and approval.status
CREATE INDEX appr_approver_idx
    ON approval(approver);
CREATE INDEX appr_user_idx
    ON approval(user);
CREATE INDEX appr_ticket_idx
    ON approval(ticket);
CREATE INDEX appr_status_idx
    ON approval(status);
226 CREATE TABLE delegate (
// Secondary index on delegate.delegate
CREATE INDEX delg_delg_idx
    ON delegate(delegate);
235 // Used by authz-batch processes to ensure only 1 runs at a time
237 CREATE TABLE run_lock (
241 PRIMARY KEY ((class))