[ https://issues.apache.org/jira/browse/CASSANDRA-8082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14163681#comment-14163681 ]
Sylvain Lebresne commented on CASSANDRA-8082: --------------------------------------------- For what it's worth, I do think at least separating {{TRUNCATE}} would make sense. If a user that's not supposed to do truncate fat-finger and do one by mistake, I think having that user get back a permission error is *a lot* better than having you site go down because someone made a mistake, and this even if you have snapshots to somewhat fix it after the fact. I suppose it would also be possible to have some {{REMOVE}} permission that would not just reject {{DELETE}} statements but also reject an update that sets some {{null}}. I'm a little less sure if that would actually be useful in practice though. But at least adding a {{TRUNCATE}} permission feels useful to me and relatively simple from what I can tell (we can leave {{TRUNCATE}} part of {{MODIFY}} (so it's not a breaking change) but make it possible to truncate only if you have both {{MODIFY}} and {{TRUNCATE}}). > Support finer grained Modify CQL permissions > -------------------------------------------- > > Key: CASSANDRA-8082 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8082 > Project: Cassandra > Issue Type: New Feature > Reporter: Johnny Miller > > Currently CQL permissions are grouped as: > ALL - All statements > ALTER - ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX > AUTHORIZE - GRANT, REVOKE > CREATE - CREATE KEYSPACE, CREATE TABLE > DROP - DROP KEYSPACE, DROP TABLE > MODIFY - INSERT, DELETE, UPDATE, TRUNCATE > SELECT -SELECT > The MODIFY permission is too wide. There are plenty scenarios where a user > should not be to DELETE and TRUNCATE a table but should be able to INSERT and > UPDATE. > It would be great if Cassandra could either support defining permissions > dynamically or have additional finer grained MODIFY related permissions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)