cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andres de la Peña (Jira) <j...@apache.org>
Subject [jira] [Comment Edited] (CASSANDRA-16902) A user should be able to view permissions of role they created
Date Wed, 29 Sep 2021 12:45:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17422089#comment-17422089
] 

Andres de la Peña edited comment on CASSANDRA-16902 at 9/29/21, 12:44 PM:
--------------------------------------------------------------------------

[~azotcsit] I have addressed your nits on the PR.

Not sure about whether we want to apply the patch to the other branches, since this fix is
almost a new feature. The patch applies quite cleanly to older branches, the only problem
is when applying the new unit test to 3.0 and 3.11. Those branches don't have some of the
testing improvements that were done during the 4.0 quality testing epic, so I think that for
those branches we could live with the dtest only:
||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/919/workflows/7c734732-e092-4ed5-bf52-d13d3a82a9a0]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/920/workflows/18199018-3dea-4aed-b2a9-e5007ab5c32d]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/753e6a1a-1c82-4227-9c25-2828d807462e],
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/35b7b4af-ef75-45f3-8d0f-b81058c8b580]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/f516822e-8494-4e4e-b23e-6246cd70a85d],
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/127aad17-35cd-4454-9964-f8489999214f]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

[~blerer] what do you think?


was (Author: adelapena):
[~azotcsit] I have addressed your nits on the PR.

Not sure about whether we want to apply the patch to the other branches, since this fix is
almost a new feature. The patch applies quite cleanly to older branches, the only problem
is when applying the new unit test to 3.0 and 3.11. Those branches don't have some of the
testing improvements that were done during the 4.0 quality testing epic, so I think that for
those branches we could live with the dtest only:
||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/919/workflows/55e1d060-e2ba-4a80-ae21-83ef1c0a9b08]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/920/workflows/ce1d7490-1df8-47b4-a52f-3c719f271935]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/cdb716ee-168c-4db7-bccd-9120b71206c2],
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/3252a7db-5169-4701-b9b0-98c6ab5501f0]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/ed49dd91-cc79-46fb-8c04-2cab95b8509a],
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/7dd7d9f1-a16e-4c6f-88d9-34ec0abdedc2]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

[~blerer] what do you think?

> A user should be able to view permissions of role they created
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-16902
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on that role by
default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org


Mime
View raw message