You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "C. Scott Andreas (JIRA)" <ji...@apache.org> on 2018/11/19 05:39:01 UTC
[jira] [Updated] (CASSANDRA-10594) Inconsistent permissions results
return
[ https://issues.apache.org/jira/browse/CASSANDRA-10594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
C. Scott Andreas updated CASSANDRA-10594:
-----------------------------------------
Component/s: Auth
> Inconsistent permissions results return
> ---------------------------------------
>
> Key: CASSANDRA-10594
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10594
> Project: Cassandra
> Issue Type: Improvement
> Components: Auth
> Reporter: Adam Holmberg
> Priority: Minor
>
> The server returns inconsistent results when listing permissions, depending on whether a user is configured.
> *Observed with Cassandra 3.0:*
> Only super user configured:
> {code}
> cassandra@cqlsh> list all;
> role | resource | permissions
> ------+----------+-------------
> (0 rows)
> {code}
> VOID result type is returned (meaning no result meta is returned and cqlsh must use the table meta to determine columns)
> With one user configured, no grants:
> {code}
> cassandra@cqlsh> create user holmberg with password 'tmp';
> cassandra@cqlsh> list all;
> results meta: system_auth permissions 4
> role | username | resource | permission
> -----------+-----------+-------------+------------
> cassandra | cassandra | <role holmberg> | ALTER
> cassandra | cassandra | <role holmberg> | DROP
> cassandra | cassandra | <role holmberg> | AUTHORIZE
> (3 rows)
> {code}
> Now a ROWS result message is returned with the cassandra super user grants.
> Dropping the regular user causes the VOID message to be returned again.
> *Slightly different behavior on 2.2 branch:* VOID message with no result meta is returned, even if regular user is configured, until permissions are added to that user.
> *Expected:*
> It would be nice if the query always resulted in a ROWS result, even if there are no explicit permissions defined. This would provide the correct result metadata even if there are no rows.
> Additionally, it is strange that the 'cassandra' super user only appears in the results when another user is configured. I would expect it to always appear, or never.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org