You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Aleksey Yeschenko (JIRA)" <ji...@apache.org> on 2015/03/12 02:28:38 UTC
[jira] [Resolved] (CASSANDRA-8957) Move TRUNCATE from MODIFY to
DROP permission group
[ https://issues.apache.org/jira/browse/CASSANDRA-8957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aleksey Yeschenko resolved CASSANDRA-8957.
------------------------------------------
Resolution: Duplicate
> Move TRUNCATE from MODIFY to DROP permission group
> ----------------------------------------------------
>
> Key: CASSANDRA-8957
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8957
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Vishy Kasar
>
> Cassandra currently has 6 permissions:
> ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP INDEX
> AUTHORIZE: required for GRANT, REVOKE
> CREATE: required for CREATE KEYSPACE, CREATE TABLE
> DROP: required for DROP KEYSPACE, DROP TABLE
> MODIFY: required for INSERT, DELETE, UPDATE, TRUNCATE
> SELECT: required for SELECT
> It seems incorrect to lump TRUNCATE with INSERT, DELETE, UPDATE. Every normal user typically does INSERT, DELETE, UPDATE. However a normal user does not need TRUNCATE. We want to prevent normal user accidentally truncating their tables in production. It is better to group TRUNCATE with other destructive operations such as DROP KEYSPACE, DROP TABLE.
> Proposal: Move TRUNCATE from MODIFY to DROP permission group
> Proposed 6 permissions looks like this:
> ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP INDEX
> AUTHORIZE: required for GRANT, REVOKE
> CREATE: required for CREATE KEYSPACE, CREATE TABLE
> DROP: required for DROP KEYSPACE, DROP TABLE, TRUNCATE
> MODIFY: required for INSERT, DELETE, UPDATE
> SELECT: required for SELECT
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)