Posted to commits@cassandra.apache.org by "Tyler Hobbs (JIRA)" <ji...@apache.org> on 2015/11/10 16:24:11 UTC

[jira] [Issue Comment Deleted] (CASSANDRA-10594) Inconsistent permissions results return

     [ https://issues.apache.org/jira/browse/CASSANDRA-10594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tyler Hobbs updated CASSANDRA-10594:
------------------------------------
    Comment: was deleted

(was: bq. We could change such that a ROWS result is always returned, but whilst this wouldn't be a protocol change, it would be a change to expected, if undocumented, behaviour so we can't just go ahead and do it whenever. Under the tick-tock model, this would need to be targeted for 4.0, but you could even question whether it's worth it at all, even though it's a pain for cqlsh.

I don't think we would need to target 4.0 for this.  It seems like we could make this change as part of the v5 native protocol in 3.x, where we would explicitly specify when a Void result is returned vs a Rows result.  The drivers are pretty good at changing this type of behavior based on the protocol version in use, so I don't think this would be problematic for them.)

> Inconsistent permissions results return
> ---------------------------------------
>
>                 Key: CASSANDRA-10594
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-10594
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Adam Holmberg
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>
> The server returns inconsistent results when listing permissions, depending on whether a user is configured.
> *Observed with Cassandra 3.0:*
> Only super user configured:
> {code}
> cassandra@cqlsh> list all;
>  role | resource | permissions
> ------+----------+-------------
> (0 rows)
> {code}
> VOID result type is returned (meaning no result meta is returned and cqlsh must use the table meta to determine columns)
> With one user configured, no grants:
> {code}
> cassandra@cqlsh> create user holmberg with password 'tmp';
> cassandra@cqlsh> list all;
> results meta: system_auth permissions 4
>  role      | username  | resource    | permission
> -----------+-----------+-------------+------------
>  cassandra | cassandra | <role holmberg> |      ALTER
>  cassandra | cassandra | <role holmberg> |       DROP
>  cassandra | cassandra | <role holmberg> |  AUTHORIZE
> (3 rows)
> {code}
> Now a ROWS result message is returned with the cassandra super user grants. 
> Dropping the regular user causes the VOID message to be returned again.
> *Slightly different behavior on 2.2 branch:* VOID message with no result meta is returned, even if regular user is configured, until permissions are added to that user.
> *Expected:*
> It would be nice if the query always resulted in a ROWS result, even if there are no explicit permissions defined. This would provide the correct result metadata even if there are no rows.
> Additionally, it is strange that the 'cassandra' super user only appears in the results when another user is configured. I would expect it to always appear, or never.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)