[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434981#comment-17434981
]
Andres de la Peña commented on CASSANDRA-16902:
---
Committed to 3.0 as
[969531a113530eb87d5ea350aa005abc946a5152|https://github.com/apache/cassandra/commit/969531a113530eb87d5ea350aa005abc946a5152]
and merged to
[3.11|https://github.com/apache/cassandra/commit/3d74cad35f94eaa2003c51e9755d5c71adb093f6],
[4.0|https://github.com/apache/cassandra/commit/6c9d5abbc56c043b8d89232bbc2d145482e297c3]
and
[trunk|https://github.com/apache/cassandra/commit/d21e0dd8461e7ab9ce41ad4ee58e75134dc918ab].
Dtest changes committed as
[027eb0dbc6b71f547f156c05fad0b418939e4d92|https://github.com/apache/cassandra-dtest/commit/027eb0dbc6b71f547f156c05fad0b418939e4d92].
Thanks for the reviews.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434530#comment-17434530
]
Aleksei Zotov commented on CASSANDRA-16902:
---
The updated patch LGTM, +1.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434468#comment-17434468
]
Andres de la Peña commented on CASSANDRA-16902:
---
I also think that we don't need to port back those test improvements. Besides
CASSANDRA-17027, we would also need some stuff from CASSANDRA-16918,
CASSANDRA-16404 and CASSANDRA-14497, and I'm not sure that is a good idea to
apply so many changes to the relatively stable older branches for a mainly
cosmetic improvement.
Here is a final CI round after rebase, including repeated runs of the
new/modified tests:
||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1085/workflows/299084af-60a7-4637-9448-6eb62e7b36ba]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1086/workflows/935b5a9c-b2da-42b1-a224-573f6d387c31]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1088/workflows/1f421ce7-f6ad-41e8-8ee4-4726b716e279]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/1088/workflows/a1de585a-aa03-4d1b-a9ca-07e660f86ea9]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1087/workflows/af2ce406-b50e-4e67-828f-5bc96ed12eb8]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/1087/workflows/3a6f102a-1827-42b3-978c-8fc12b221033]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434406#comment-17434406
]
Benjamin Lerer commented on CASSANDRA-16902:
The patch looks good to me.
{quote}Those utils are only present in trunk, I wonder if we should port them
back to older branches.{quote}
I do not feel a real need for it but I am also not against it if you believe
that it makes sense.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434361#comment-17434361
]
Andres de la Peña commented on CASSANDRA-16902:
---
I have just updated the test for trunk for using the new authentication utils
added to {{CQLTester}} by CASSANDRA-17027 ([this
commit|https://github.com/apache/cassandra/pull/1179/commits/18fd301e916bc8b40a5c13e2eb8d4a6a2500413e]).
Those utils are only present in trunk, I wonder if we should port them back to
older branches.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17428247#comment-17428247
]
Aleksei Zotov commented on CASSANDRA-16902:
---
[~blerer]
Oh ok, got it. I did not know it is blocked by something else. Sorry for
disturbing!
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17428201#comment-17428201
]
Benjamin Lerer commented on CASSANDRA-16902:
[~azotcsit] Sorry, I am the one blocking that issue. I had a discussion with
[~adelapena] about simplifying the unit tests but those simplification would
require the changes that are part of CASSANDRA-17027.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17428025#comment-17428025
]
Aleksei Zotov commented on CASSANDRA-16902:
---
[~blerer] [~jmckenzie]
Would you mind reviewing this change? I'd like to get it merged to prevent
conflicts with CASSANDRA-16914.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17422244#comment-17422244
]
Aleksei Zotov commented on CASSANDRA-16902:
---
All branches LGTM, +1.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17422089#comment-17422089
]
Andres de la Peña commented on CASSANDRA-16902:
---
[~azotcsit] I have addressed you nits on the PR.
Not sure about whether we want to apply the patch to the other branches, since
this fix is almost a new feature. The patch applies quite cleanly to older
branches, the only problem is when applying the new unit test to 3.0 and 3.11.
Those branches don't have some of the testing improvements that weere done
during the 4.0 quality testing epic, so I think that for those branches we
could live with the dtest only:
||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/919/workflows/55e1d060-e2ba-4a80-ae21-83ef1c0a9b08]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/920/workflows/ce1d7490-1df8-47b4-a52f-3c719f271935]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/cdb716ee-168c-4db7-bccd-9120b71206c2],
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/3252a7db-5169-4701-b9b0-98c6ab5501f0]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/ed49dd91-cc79-46fb-8c04-2cab95b8509a],
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/7dd7d9f1-a16e-4c6f-88d9-34ec0abdedc2]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17421568#comment-17421568
]
Aleksei Zotov commented on CASSANDRA-16902:
---
[~adelapena] I put a couple of nits to the PR, but it's up to you whether
address them or not. _trunk_ branch LGTM.
The question is: are we going to fix this issue in other branches? I feel it
makes sense to do it starting from 3.0, but I'm not totally sure. Probably
[~blerer] can help to determine that.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17421462#comment-17421462
]
Andres de la Peña commented on CASSANDRA-16902:
---
[~azotcsit] thanks for the review. Keeping the authorization logic in
{{CassandraAuthorizer}} makes sense to me, and the new unit test looks nice. I
have incorporated you changes to the PR with minimal modifications. I have also
extended the test to exercise the authorization exception.
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/913/workflows/24c1e434-08a3-45d0-95f7-7182f34d80cf]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/913/workflows/40bf1a55-0ee1-4f15-939a-7072f7c0b3f3]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17419745#comment-17419745
]
Aleksei Zotov commented on CASSANDRA-16902:
---
[~adelapena]
I put some comment to the PR, please, check them out and let me know your
thoughts.
The main points:
# do we want to keep authorization logic in {{CassandraAuthorizer}} or move to
{{ListPermissionsStatement}}? I feel moving makes sense, but I'd move it to
{{authorize}} method then.
# I wrote a unit test (while trying to figure out what is going on), could
you, please, check it and incorporate to the PR if it looks good to you.
You can find the unit test and other changes I'm referring to in the PR
comments here:
https://github.com/azotcsit/cassandra/commit/4ee78c216c1f4e03f55174c9f2d7b86385bbbd3d
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17407313#comment-17407313
]
Andres de la Peña commented on CASSANDRA-16902:
---
The proposed patch add {{DESCRIBE}} permissions to roles:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/8727c0e0-2b78-4320-9e71-b2e93eee695d]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/37bc1376-00af-4822-82f7-0e09b45765cd]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
Probably we should apply this fix to older branches.
All praise to [~snazy], who is the original author of the patch.
> A user should be able to view permissions of role they created
> --
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
