[ https://issues.apache.org/jira/browse/CASSANDRA-9892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14651649#comment-14651649 ]
Robert Stupp commented on CASSANDRA-9892: ----------------------------------------- {{GRANT CREATE TRUSTED FUNCTION TO ...}} could be the privilege to create non-sandboxed functions. But it would require some extension to the authz code + schema. {{GRANT CREATE TRUSTED TO ...}} could be an additional privilege required to create non-sandboxed functions (in addition to CREATE FUNCTION privilege). {{GRANT TRUST FUNCTION TO ...}} would be a new permission (thus requiring CREATE + TRUST permissions). > Add support for unsandboxed UDF > ------------------------------- > > Key: CASSANDRA-9892 > URL: https://issues.apache.org/jira/browse/CASSANDRA-9892 > Project: Cassandra > Issue Type: New Feature > Reporter: Jonathan Ellis > Assignee: Robert Stupp > Priority: Minor > > From discussion on CASSANDRA-9402, > The approach postgresql takes is to distinguish between "trusted" (sandboxed) > and "untrusted" (anything goes) UDF languages. > Creating an untrusted language always requires superuser mode. Once that is > done, creating functions in it requires nothing special. > Personally I would be fine with this approach, but I think it would be more > useful to have the extra permission on creating the function, and also > wouldn't require adding explicit CREATE LANGUAGE. > So I'd suggest just providing different CQL permissions for trusted and > untrusted, i.e. if you have CREATE FUNCTION permission that allows you to > create sandboxed UDF, but you can only create unsandboxed if you have CREATE > UNTRUSTED. -- This message was sent by Atlassian JIRA (v6.3.4#6332)