Posted to commits@cassandra.apache.org by "Aleksei Zotov (Jira)" <ji...@apache.org> on 2021/09/24 12:15:00 UTC

[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created

    [ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419745#comment-17419745 ] 

Aleksei Zotov commented on CASSANDRA-16902:
-------------------------------------------

[~adelapena]

I put some comments on the PR; please check them out and let me know your thoughts.

The main points:
 # Do we want to keep the authorization logic in {{CassandraAuthorizer}} or move it to {{ListPermissionsStatement}}? I feel moving makes sense, but I'd move it to the {{authorize}} method then.
 # I wrote a unit test (while trying to figure out what is going on); could you please check it and incorporate it into the PR if it looks good to you?

You can find the unit test and other changes I'm referring to in the PR comments here: https://github.com/azotcsit/cassandra/commit/4ee78c216c1f4e03f55174c9f2d7b86385bbbd3d

> A user should be able to view permissions of role they created
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-16902
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently users are denied when trying to view the permissions of a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on that role by default.


