cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andres de la Peña (Jira) <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
Date Tue, 28 Sep 2021 15:38:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17421462#comment-17421462
] 

Andres de la Peña commented on CASSANDRA-16902:
-----------------------------------------------

[~azotcsit] thanks for the review. Keeping the authorization logic in {{CassandraAuthorizer}} makes
sense to me, and the new unit test looks nice. I have incorporated you changes to the PR with
minimal modifications. I have also extended the test to exercise the authorization exception.

||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/913/workflows/24c1e434-08a3-45d0-95f7-7182f34d80cf]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/913/workflows/40bf1a55-0ee1-4f15-939a-7072f7c0b3f3]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

> A user should be able to view permissions of role they created
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-16902
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on that role by
default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message