You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Vishy Kasar (JIRA)" <ji...@apache.org> on 2015/03/12 01:46:39 UTC
[jira] [Created] (CASSANDRA-8957) Move TRUNCATE from MODIFY to
DROP permission group
Vishy Kasar created CASSANDRA-8957:
--------------------------------------
Summary: Move TRUNCATE from MODIFY to DROP permission group
Key: CASSANDRA-8957
URL: https://issues.apache.org/jira/browse/CASSANDRA-8957
Project: Cassandra
Issue Type: Improvement
Reporter: Vishy Kasar
Cassandra currently has 6 permissions:
ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE: required for GRANT, REVOKE
CREATE: required for CREATE KEYSPACE, CREATE TABLE
DROP: required for DROP KEYSPACE, DROP TABLE
MODIFY: required for INSERT, DELETE, UPDATE, TRUNCATE
SELECT: required for SELECT
It seems incorrect to lump TRUNCATE with INSERT, DELETE, UPDATE. Every normal user typically does INSERT, DELETE, UPDATE. However a normal user does not need TRUNCATE. We want to prevent normal user accidentally truncating their tables in production. It is better to group TRUNCATE with other destructive operations such as DROP KEYSPACE, DROP TABLE.
Proposal: Move TRUNCATE from MODIFY to DROP permission group
Proposed 6 permissions looks like this:
ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE: required for GRANT, REVOKE
CREATE: required for CREATE KEYSPACE, CREATE TABLE
DROP: required for DROP KEYSPACE, DROP TABLE, TRUNCATE
MODIFY: required for INSERT, DELETE, UPDATE
SELECT: required for SELECT
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)