[jira] [Updated] (CASSANDRA-8849) ListUsersStatement should consider inherited superuser status

["Sam Tunnicliffe (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/CASSANDRA-8849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Tunnicliffe updated CASSANDRA-8849:
---------------------------------------
    Attachment: 8849-v2.txt

Attached a v2 patch with the comments addressed. I've named the new class managing the caching {{RolesCache}} but that seems slightly inaccurate as caching may actually be disabled by setting {{roles_validity_in_ms}} to 0 (or if {{AllowAllAuthenticator}} is in use). The new class encapsulates this behaviour, so perhaps would be better named {{CachingRoleProvider}} or similar. 

If we do rename along those lines, we may want to follow up with something similar for {{PermissionsCache}}.


bq. Additionally, a dtest would be nice to have.

Sorry, I forgot to link to the PR with the new dtest:
https://github.com/riptano/cassandra-dtest/pull/174

> ListUsersStatement should consider inherited superuser status
> -------------------------------------------------------------
>
>                 Key: CASSANDRA-8849
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8849
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Sam Tunnicliffe
>            Assignee: Sam Tunnicliffe
>            Priority: Minor
>             Fix For: 3.0
>
>         Attachments: 8849-v2.txt, 8849.txt
>
>
> When introducing roles in CASSANDRA-7653, we retained {{LIST USERS}} support for backwards compatibility. However, the {{super}} column in its results is derived from {{IRoleManager#isSuper}} which only returns the superuser status for the named role and doesn't consider any other roles granted to it. 
> {{LIST USERS}} then incorrectly shows a role which does not directly have superuser status, but which inherits it as not-a-superuser.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)