You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (JIRA)" <ji...@apache.org> on 2015/03/03 13:20:05 UTC
[jira] [Updated] (CASSANDRA-8849) ListUsersStatement should
consider inherited superuser status
[ https://issues.apache.org/jira/browse/CASSANDRA-8849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sam Tunnicliffe updated CASSANDRA-8849:
---------------------------------------
Attachment: 8849-v2.txt
Attached a v2 patch with the comments addressed. I've named the new class managing the caching {{RolesCache}} but that seems slightly inaccurate as caching may actually be disabled by setting {{roles_validity_in_ms}} to 0 (or if {{AllowAllAuthenticator}} is in use). The new class encapsulates this behaviour, so perhaps would be better named {{CachingRoleProvider}} or similar.
If we do rename along those lines, we may want to follow up with something similar for {{PermissionsCache}}.
bq. Additionally, a dtest would be nice to have.
Sorry, I forgot to link to the PR with the new dtest:
https://github.com/riptano/cassandra-dtest/pull/174
> ListUsersStatement should consider inherited superuser status
> -------------------------------------------------------------
>
> Key: CASSANDRA-8849
> URL: https://issues.apache.org/jira/browse/CASSANDRA-8849
> Project: Cassandra
> Issue Type: Bug
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Minor
> Fix For: 3.0
>
> Attachments: 8849-v2.txt, 8849.txt
>
>
> When introducing roles in CASSANDRA-7653, we retained {{LIST USERS}} support for backwards compatibility. However, the {{super}} column in its results is derived from {{IRoleManager#isSuper}} which only returns the superuser status for the named role and doesn't consider any other roles granted to it.
> {{LIST USERS}} then incorrectly shows a role which does not directly have superuser status, but which inherits it as not-a-superuser.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)