EC - eventual consensus?

On Tue, Jul 11, 2023 at 4:03 PM Dinesh Joshi <djo...@apache.org> wrote:

> folks - I think we’ve achieved lazy consensus here. Please continue with feedback on the jira.
>
> Thanks,
>
> Dinesh
>
> On Jul 7, 2023, at 12:23 PM, Jyothsna Konisa <jyothsna1...@gmail.com> wrote:
>
> Hi Yuki, Jeremiah & Christopher,
>
> Thank you very much for the feedback.
>
> Regarding removing superuser check for adding/removing identities, I have relaxed that check and added permissions check instead. With this change only users with appropriate permissions to add/drop identities can perform that action.
>
> About extending `Create Role` cqlsh statement, we have a couple of reasons for not doing that. We designed the mTLS authenticator in such a way that a single role can be associated with multiple identities, EX: there can be several identities which are read_only users. Also, having a separate cqlsh statement for identities makes it more pluggable and independent. If we still think that extending the create role statement would be a convenient feature, we can add it as required in the followup patches.
>
> Christopher, I will be acting upon your feedback regarding having identity in the cassandra.yaml optionally configurable.
>
> Thanks,
> Jyothsna Konisa.
>
> On Thu, Jul 6, 2023 at 5:30 PM Dinesh Joshi <djo...@apache.org> wrote:
>
>> > On Jun 30, 2023, at 1:09 PM, Jeremiah Jordan <jerem...@datastax.com> wrote:
>> >
>> > I don’t think users necessarily need to be able to update their own identities. I just don’t want to have to use the super user role. The super user role has all power over all things in the data base. I don’t want to have to give that much power to the person who manages identities, I just want to give them the power to manage identities.
>>
>> Makes sense. I think Jyothsna already pushed an update to the PR to relax the restriction. Please feel free to take a look at it.
>>
>> Dinesh

--
+---------------------------------------------------------------+
| Derek Chen-Becker                                             |
| GPG Key available at https://keybase.io/dchenbecker and       |
| https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
| Fngrprnt: EB8A 6480 F0A3 C8EB C1E7 7F42 AFC5 AFEE 96E4 6ACC   |
+---------------------------------------------------------------+