[ https://issues.apache.org/jira/browse/CASSANDRA-4868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485802#comment-13485802 ]
Aleksey Yeschenko commented on CASSANDRA-4868: ---------------------------------------------- An empty collection should mean 'Absence of permission'. Which is why I don't like the idea of NO_ACCEES at all. However, since we do have it now, and it is possible for a user to have both FULL_ACCESS and NO_ACCESS for some resource at the same time, let's at least be strict and look for NO_ACCESS first. If we can just get rid of NO_ACCESS, however, let's do that. > When authorizing actions, check for NO_ACCESS permission first instead of > FULL_ACCESS > ------------------------------------------------------------------------------------- > > Key: CASSANDRA-4868 > URL: https://issues.apache.org/jira/browse/CASSANDRA-4868 > Project: Cassandra > Issue Type: Improvement > Affects Versions: 1.1.6, 1.2.0 beta 1 > Reporter: Aleksey Yeschenko > Assignee: Aleksey Yeschenko > Priority: Minor > Fix For: 1.1.7, 1.2.0 beta 2 > > Attachments: CASSANDRA-4868-1.1.txt, CASSANDRA-4868-1.2.txt > > > When authorizing actions, check for NO_ACCESS permission first instead of > FULL_ACCESS (ClientState.hasAccess). This seems like a safer order to me. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira