Hi all, I’m also leaning towards a -1 (non-binding) on this.
From what I know, none of the other major SQL databases (MySQL, PostgreSQL, SQL Server, Oracle) provide this feature either. These systems have been around longer and have broader adoption, which makes me think it’s reasonable for this logic to live in applications or tooling on top, rather than in the database itself. That said, I really appreciate the thought going into this discussion — I can see why the feature could be convenient in certain operational contexts. Best Himanshu From: Patrick McFadin <[email protected]> Date: Tuesday, September 16, 2025 at 12:06 PM To: [email protected] <[email protected]> Subject: RE: [EXTERNAL] [DISCUSS] CEP-55 Generated role names CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. Thanks Mick, I'm just digging into this more after a long week of travel. Generally, I'm -1 for adding more custom syntax. Another concern of mine is adding control plane actions in DDL. I understand the usefulness of a feature like this in ops. It's a great idea.. Here would be my counter proposal: - Leave the CQL as is and keep "CREATE ROLE" etc as is, and avoid making changes to core Cassandra. - Move the generation & policy to the sidecar project. A sidecar endpoint will generate the role name/password, enforce prefix/suffix/length requirements, ensure uniqueness, and then return the role and password (or a secret handle) to the caller. Why? - End users will have it faster since it will work with any version of Cassandra supporting the CREATE syntax. (No having to backport either) - Keeps control plane actions optional and separated. Not an attack surface inside core Cassandra - We keep the syntax of CQL more generic and less one-off. - k8s/Cloud native friendly with separation of control plane/data plane. Patrick On Tue, Sep 16, 2025 at 7:31 AM Mick <[email protected]<mailto:[email protected]>> wrote: > I think enough time passed for everybody to participate in the discussion so > I would just move on and start the voting thread soon. Can we give CEP discussions longer than ~one week, please. Folk are easily away/offline for a whole week. Take for example many who were at Community over Code and may still be catching up on their inbox, thinking dev@ is a less urgent folder. I haven't look at how fast the other CEP discuss threads have turned around, I apologise if I'm only singling one out, my concern applies generally.
