You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Aleksey Yeschenko (JIRA)" <ji...@apache.org> on 2014/01/06 20:26:50 UTC

[jira] [Resolved] (CASSANDRA-6304) Better handling of authorization for User Types

     [ https://issues.apache.org/jira/browse/CASSANDRA-6304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksey Yeschenko resolved CASSANDRA-6304.
------------------------------------------

    Resolution: Not A Problem

Now that CASSANDRA-6438 made the types keyspace-scoped, this issue is no longer relevant.

> Better handling of authorization for User Types
> -----------------------------------------------
>
>                 Key: CASSANDRA-6304
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6304
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Aleksey Yeschenko
>            Assignee: Aleksey Yeschenko
>             Fix For: 2.1
>
>
> Currently, we require CREATE/ALTER/DROP on ALL KEYSPACES, which is a bit excessive, and not entirely correct (but is the best we can do atm).
> We should:
> 1. create a new IResource implementation for user types (TypeResource)
> 2. extend CQL3 GRANT/REVOKE to allow CREATE/ALTER/DROP on (ALL TYPES|TYPE <name>)
> 3. require CREATE/ALTER/DROP permissions instead of requiring all keyspace access
> We could (should?) optionally require ALTER permission on the columnfamilies affected by ALTER TYPE. Not sure about this?
> We also don't currently allow dropping a type that's in use by a CF. So someone might start using a type in the cf, and the 'owner' of the type would not be able to drop it. So we should either add some kind of USE permission for types, or make it possible to drop a type that's currently in use.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)