[jira] [Comment Edited] (CASSANDRA-16902) A user should be able to view permissions of role they created

Tue, 31 Aug 2021 05:48:08 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17407313#comment-17407313
 ] 

Andres de la Peña edited comment on CASSANDRA-16902 at 8/31/21, 12:47 PM:
--------------------------------------------------------------------------

The proposed patch adds {{DESCRIBE}} permissions to roles:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/8727c0e0-2b78-4320-9e71-b2e93eee695d]
 
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/37bc1376-00af-4822-82f7-0e09b45765cd]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

Probably we should apply this fix to older branches.

All praise to [~snazy], who is the original author of the patch.


was (Author: adelapena):
The proposed patch add {{DESCRIBE}} permissions to roles:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/8727c0e0-2b78-4320-9e71-b2e93eee695d]
 
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/37bc1376-00af-4822-82f7-0e09b45765cd]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

Probably we should apply this fix to older branches.

All praise to [~snazy], who is the original author of the patch.

> A user should be able to view permissions of role they created
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-16902
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's 
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on 
> that role by default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to