You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Philip Thompson (JIRA)" <ji...@apache.org> on 2014/11/14 21:56:34 UTC
[jira] [Resolved] (CASSANDRA-8213) Grant Permission fails if
permission had been revoked previously
[ https://issues.apache.org/jira/browse/CASSANDRA-8213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Philip Thompson resolved CASSANDRA-8213.
----------------------------------------
Resolution: Fixed
> Grant Permission fails if permission had been revoked previously
> ----------------------------------------------------------------
>
> Key: CASSANDRA-8213
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8213
> Project: Cassandra
> Issue Type: Bug
> Reporter: Philip Thompson
> Assignee: Aleksey Yeschenko
> Fix For: 2.1.3
>
>
> The dtest auth_test.py:TestAuth.alter_cf_auth_test is failing.
> {code}
> cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
> cathy.execute("ALTER TABLE ks.cf ADD val int")
> cassandra.execute("REVOKE ALTER ON ks.cf FROM cathy")
> self.assertUnauthorized("User cathy has no ALTER permission on <table ks.cf> or any of its parents",
> cathy, "CREATE INDEX ON ks.cf(val)")
> cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
> cathy.execute("CREATE INDEX ON ks.cf(val)")
> {code}
> In this section of code, the user cathy is granted "ALTER" permissions on 'ks.cf', then they are revoked, then granted again. Monitoring system_auth.permissions during this section of code show that the permission is added with the initial grant, and revoked properly, but the table remains empty after the second grant.
> When the cathy user attempts to create an index, the following exception is thrown:
> {code}
> Unauthorized: code=2100 [Unauthorized] message="User cathy has no ALTER permission on <table ks.cf> or any of its parents"
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)