You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Aleksey Yeschenko (JIRA)" <ji...@apache.org> on 2014/11/28 17:12:12 UTC

[jira] [Updated] (CASSANDRA-8082) Consider re-introducing TRUNCATE permission

     [ https://issues.apache.org/jira/browse/CASSANDRA-8082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksey Yeschenko updated CASSANDRA-8082:
-----------------------------------------
    Description: 
We should consider re-introducing a separate `TRUNCATE` permission.

Truncate operation would require both `MODIFY` and `TRUNCATE` to run.

I'm not entirely sold on this change, as we do create snapshots before truncating, so fat-fingers aren't catastrophic, but am open to the idea.

Original description:
{quote}
Currently CQL permissions are grouped as:

ALL	- All statements
ALTER - ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE - GRANT, REVOKE
CREATE - CREATE KEYSPACE, CREATE TABLE
DROP - DROP KEYSPACE, DROP TABLE
MODIFY - INSERT, DELETE, UPDATE, TRUNCATE
SELECT -SELECT

The MODIFY permission is too wide. There are plenty scenarios where a user should not be to DELETE and TRUNCATE a table but should be able to INSERT and UPDATE. 

It would be great if Cassandra could either support defining permissions dynamically or have additional finer grained MODIFY related permissions.
{quote}

  was:
Currently CQL permissions are grouped as:

ALL	- All statements
ALTER - ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE - GRANT, REVOKE
CREATE - CREATE KEYSPACE, CREATE TABLE
DROP - DROP KEYSPACE, DROP TABLE
MODIFY - INSERT, DELETE, UPDATE, TRUNCATE
SELECT -SELECT

The MODIFY permission is too wide. There are plenty scenarios where a user should not be to DELETE and TRUNCATE a table but should be able to INSERT and UPDATE. 

It would be great if Cassandra could either support defining permissions dynamically or have additional finer grained MODIFY related permissions.


        Summary: Consider re-introducing TRUNCATE permission  (was: Support finer grained Modify CQL permissions)

> Consider re-introducing TRUNCATE permission
> -------------------------------------------
>
>                 Key: CASSANDRA-8082
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8082
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Johnny Miller
>
> We should consider re-introducing a separate `TRUNCATE` permission.
> Truncate operation would require both `MODIFY` and `TRUNCATE` to run.
> I'm not entirely sold on this change, as we do create snapshots before truncating, so fat-fingers aren't catastrophic, but am open to the idea.
> Original description:
> {quote}
> Currently CQL permissions are grouped as:
> ALL	- All statements
> ALTER - ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
> AUTHORIZE - GRANT, REVOKE
> CREATE - CREATE KEYSPACE, CREATE TABLE
> DROP - DROP KEYSPACE, DROP TABLE
> MODIFY - INSERT, DELETE, UPDATE, TRUNCATE
> SELECT -SELECT
> The MODIFY permission is too wide. There are plenty scenarios where a user should not be to DELETE and TRUNCATE a table but should be able to INSERT and UPDATE. 
> It would be great if Cassandra could either support defining permissions dynamically or have additional finer grained MODIFY related permissions.
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)