[jira] [Commented] (CASSANDRA-3392) SimpleAuthority does not respect access.properties seeting that do not have CF

Fri, 21 Oct 2011 07:22:56 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-3392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13132694#comment-13132694
 ] 

Jonathan Ellis commented on CASSANDRA-3392:
-------------------------------------------

I think it's working as designed.  Making it hierarchical is more complex 
(mixing KS and CF names as in this patch is broken) and probably not worth the 
trouble.

(Frank Yang also took a stab at this in CASSANDRA-3319 but he just ignores CF 
entirely, which isn't much of an improvement either.)
                
> SimpleAuthority does not respect access.properties seeting that do not have CF
> ------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-3392
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-3392
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jackson Chung
>            Priority: Minor
>         Attachments: 3392.patch
>
>
> when using SimpleAuthenticator in the example, if I am not mistaken, user is 
> allowed to config :
> {noformat}
> testks.<ro>=jackson
> testks.<rw>=action
> <modify-keyspaces>=somebody
> {noformat}
> by that, the desire effect should be user "jackson" can perform read access 
> for everything in testks keyspace, that should implies any column family in 
> it.
> likewise user "action" can perform any write access for everything in the 
> testks keyspace, that should implies any column family in it.
> If the above is not true, then please mark this invalid, otherwise it 
> currently does not do the above. When I have the above setting, my get/read 
> from that keyspace was resulting in InvalidRequestException:
> [default@testks] get testcf[utf8('j')];
> null
> InvalidRequestException(why:#<User jackson groups=[]> does not have 
> permission READ for /cassandra/keyspaces/testks/testcf)
> [default@testks] list testcf;
> Using default limit of 100
> null
> InvalidRequestException(why:#<User jackson groups=[]> does not have 
> permission READ for /cassandra/keyspaces/testks/testcf)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to