cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <>
Subject [jira] [Resolved] (CASSANDRA-6304) Better handling of authorization for User Types
Date Mon, 06 Jan 2014 19:26:50 GMT


Aleksey Yeschenko resolved CASSANDRA-6304.

    Resolution: Not A Problem

Now that CASSANDRA-6438 made the types keyspace-scoped, this issue is no longer relevant.

> Better handling of authorization for User Types
> -----------------------------------------------
>                 Key: CASSANDRA-6304
>                 URL:
>             Project: Cassandra
>          Issue Type: New Feature
>            Reporter: Aleksey Yeschenko
>            Assignee: Aleksey Yeschenko
>             Fix For: 2.1
> Currently, we require CREATE/ALTER/DROP on ALL KEYSPACES, which is a bit excessive, and
not entirely correct (but is the best we can do atm).
> We should:
> 1. create a new IResource implementation for user types (TypeResource)
> 2. extend CQL3 GRANT/REVOKE to allow CREATE/ALTER/DROP on (ALL TYPES|TYPE <name>)
> 3. require CREATE/ALTER/DROP permissions instead of requiring all keyspace access
> We could (should?) optionally require ALTER permission on the columnfamilies affected
by ALTER TYPE. Not sure about this?
> We also don't currently allow dropping a type that's in use by a CF. So someone might
start using a type in the cf, and the 'owner' of the type would not be able to drop it. So
we should either add some kind of USE permission for types, or make it possible to drop a
type that's currently in use.

This message was sent by Atlassian JIRA

View raw message