You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Andres de la Peña (Jira)" <ji...@apache.org> on 2021/09/29 12:26:00 UTC

[jira] [Comment Edited] (CASSANDRA-16902) A user should be able to view permissions of role they created

    [ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17422089#comment-17422089 ] 

Andres de la Peña edited comment on CASSANDRA-16902 at 9/29/21, 12:25 PM:
--------------------------------------------------------------------------

[~azotcsit] I have addressed your nits on the PR.

Not sure about whether we want to apply the patch to the other branches, since this fix is almost a new feature. The patch applies quite cleanly to older branches, the only problem is when applying the new unit test to 3.0 and 3.11. Those branches don't have some of the testing improvements that were done during the 4.0 quality testing epic, so I think that for those branches we could live with the dtest only:
||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/919/workflows/55e1d060-e2ba-4a80-ae21-83ef1c0a9b08]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/920/workflows/ce1d7490-1df8-47b4-a52f-3c719f271935]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/cdb716ee-168c-4db7-bccd-9120b71206c2], [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/3252a7db-5169-4701-b9b0-98c6ab5501f0]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/ed49dd91-cc79-46fb-8c04-2cab95b8509a], [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/7dd7d9f1-a16e-4c6f-88d9-34ec0abdedc2]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

[~blerer] what do you think?


was (Author: adelapena):
[~azotcsit] I have addressed you nits on the PR. 

Not sure about whether we want to apply the patch to the other branches, since this fix is almost a new feature. The patch applies quite cleanly to older branches, the only problem is when applying the new unit test to 3.0 and 3.11. Those branches don't have some of the testing improvements that weere done during the 4.0 quality testing epic, so I think that for those branches we could live with the dtest only:
||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/919/workflows/55e1d060-e2ba-4a80-ae21-83ef1c0a9b08]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/920/workflows/ce1d7490-1df8-47b4-a52f-3c719f271935]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/cdb716ee-168c-4db7-bccd-9120b71206c2], [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/3252a7db-5169-4701-b9b0-98c6ab5501f0]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/ed49dd91-cc79-46fb-8c04-2cab95b8509a], [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/7dd7d9f1-a16e-4c6f-88d9-34ec0abdedc2]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

> A user should be able to view permissions of role they created
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-16902
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on that role by default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org