You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@cassandra.apache.org by rock zhang <ro...@alohar.com> on 2015/08/04 04:12:04 UTC

only grant select , but still can modify data

Hi All,

I want to create a readonly account, so i run the following command following: http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html

CREATE USER readonly WITH PASSWORD 'xxxx'  ;

GRANT SELECT ON ALL KEYSPACES TO readonly;

Then I login DevCenter  with readonly account , i still can modify the data, anyone knows why ?  Many thanks.

I set keyspace system_auth replica as 6 since i have 6 nodes. 


Thanks
Rock

Re: only grant select , but still can modify data

Posted by Russell Bradberry <rb...@gmail.com>.
Did you set your authorizer correctly?

http://docs.datastax.com/en/cassandra/1.2/cassandra/security/secure_config_native_authorize_t.html

-Russ

From:  Dan Jatnieks
Reply-To:  <us...@cassandra.apache.org>
Date:  Wednesday, August 5, 2015 at 5:03 PM
To:  <us...@cassandra.apache.org>
Subject:  Re: only grant select , but still can modify data

Hi Rock,

I was not able to reproduce this problem using C* 2.2 and DevCenter 1.4. What versions are you using? Did you check that the DevCenter connection properties are using the "readonly" account and that any existing connection was closed and re-opened? Did you get the expected result with cqlsh?

dan


On Mon, Aug 3, 2015 at 7:12 PM, rock zhang <ro...@alohar.com> wrote:
Hi All,

I want to create a readonly account, so i run the following command following: http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html

CREATE USER readonly WITH PASSWORD 'xxxx'  ;

GRANT SELECT ON ALL KEYSPACES TO readonly;

Then I login DevCenter  with readonly account , i still can modify the data, anyone knows why ?  Many thanks.

I set keyspace system_auth replica as 6 since i have 6 nodes. 


Thanks
Rock 



-- 
Dan Jatnieks
Software Engineer | danj@datastax.com

Re: only grant select , but still can modify data

Posted by Rock Zhang <ro...@alohar.com>.
I am using C*2.1 and DevCenter 1.3.1, it is not easy to upgrade C*2.1 to
C*2.2  since it running in production, but I will upgrade the DevCenter.

Thanks
Rock

On Aug 5, 2015, at 2:03 PM, Dan Jatnieks <da...@datastax.com> wrote:

Hi Rock,

I was not able to reproduce this problem using C* 2.2 and DevCenter 1.4.
What versions are you using? Did you check that the DevCenter connection
properties are using the "readonly" account and that any existing
connection was closed and re-opened? Did you get the expected result with
cqlsh?

dan


On Mon, Aug 3, 2015 at 7:12 PM, rock zhang <ro...@alohar.com> wrote:

> Hi All,
>
> I want to create a readonly account, so i run the following command
> following:
> http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html
>
> CREATE USER readonly WITH PASSWORD 'xxxx'  ;
>
> GRANT SELECT ON ALL KEYSPACES TO readonly;
>
> Then I login DevCenter  with readonly account , i still can modify the
> data, anyone knows why ?  Many thanks.
>
> I set keyspace system_auth replica as 6 since i have 6 nodes.
>
>
> Thanks
> Rock
>



-- 
<http://www.datastax.com/>
Dan Jatnieks
Software Engineer | danj@datastax.com

<https://www.linkedin.com/in/danjatnieks>
<https://www.facebook.com/datastax> <https://twitter.com/datastax>
<https://plus.google.com/+Datastax/about>
<http://feeds.feedburner.com/datastax> <https://github.com/datastax/>
<http://cassandrasummit-datastax.com/?utm_campaign=summit15&utm_medium=summiticon&utm_source=emailsignature>

Re: only grant select , but still can modify data

Posted by Dan Jatnieks <da...@datastax.com>.
Hi Rock,

I was not able to reproduce this problem using C* 2.2 and DevCenter 1.4.
What versions are you using? Did you check that the DevCenter connection
properties are using the "readonly" account and that any existing
connection was closed and re-opened? Did you get the expected result with
cqlsh?

dan


On Mon, Aug 3, 2015 at 7:12 PM, rock zhang <ro...@alohar.com> wrote:

> Hi All,
>
> I want to create a readonly account, so i run the following command
> following:
> http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html
>
> CREATE USER readonly WITH PASSWORD 'xxxx'  ;
>
> GRANT SELECT ON ALL KEYSPACES TO readonly;
>
> Then I login DevCenter  with readonly account , i still can modify the
> data, anyone knows why ?  Many thanks.
>
> I set keyspace system_auth replica as 6 since i have 6 nodes.
>
>
> Thanks
> Rock
>



-- 

<http://www.datastax.com/>

Dan Jatnieks
Software Engineer | danj@datastax.com

<https://www.linkedin.com/in/danjatnieks>
<https://www.facebook.com/datastax> <https://twitter.com/datastax>
<https://plus.google.com/+Datastax/about>
<http://feeds.feedburner.com/datastax> <https://github.com/datastax/>

<http://cassandrasummit-datastax.com/?utm_campaign=summit15&utm_medium=summiticon&utm_source=emailsignature>