[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434981#comment-17434981 ]

Andres de la Peña commented on CASSANDRA-16902:
---

Committed to 3.0 as [969531a113530eb87d5ea350aa005abc946a5152|https://github.com/apache/cassandra/commit/969531a113530eb87d5ea350aa005abc946a5152] and merged to [3.11|https://github.com/apache/cassandra/commit/3d74cad35f94eaa2003c51e9755d5c71adb093f6], [4.0|https://github.com/apache/cassandra/commit/6c9d5abbc56c043b8d89232bbc2d145482e297c3] and [trunk|https://github.com/apache/cassandra/commit/d21e0dd8461e7ab9ce41ad4ee58e75134dc918ab].

Dtest changes committed as [027eb0dbc6b71f547f156c05fad0b418939e4d92|https://github.com/apache/cassandra-dtest/commit/027eb0dbc6b71f547f156c05fad0b418939e4d92].

Thanks for the reviews.

> A user should be able to view permissions of role they created
> --
>
>                 Key: CASSANDRA-16902
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Feature/Authorization
>            Reporter: Andres de la Peña
>            Assignee: Andres de la Peña
>            Priority: Normal
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on that role by default.

--
This message was sent by Atlassian Jira (v8.3.4#803005)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434530#comment-17434530 ]

Aleksei Zotov commented on CASSANDRA-16902:
---

The updated patch LGTM, +1.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434468#comment-17434468 ]

Andres de la Peña commented on CASSANDRA-16902:
---

I also think that we don't need to port back those test improvements. Besides CASSANDRA-17027, we would also need some stuff from CASSANDRA-16918, CASSANDRA-16404 and CASSANDRA-14497, and I'm not sure that it is a good idea to apply so many changes to the relatively stable older branches for a mainly cosmetic improvement.

Here is a final CI round after rebase, including repeated runs of the new/modified tests:

||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1085/workflows/299084af-60a7-4637-9448-6eb62e7b36ba]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1086/workflows/935b5a9c-b2da-42b1-a224-573f6d387c31]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1088/workflows/1f421ce7-f6ad-41e8-8ee4-4726b716e279] [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/1088/workflows/a1de585a-aa03-4d1b-a9ca-07e660f86ea9]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/1087/workflows/af2ce406-b50e-4e67-828f-5bc96ed12eb8] [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/1087/workflows/3a6f102a-1827-42b3-978c-8fc12b221033]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434406#comment-17434406 ]

Benjamin Lerer commented on CASSANDRA-16902:

The patch looks good to me.

{quote}Those utils are only present in trunk, I wonder if we should port them back to older branches.{quote}

I do not feel a real need for it but I am also not against it if you believe that it makes sense.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434361#comment-17434361 ]

Andres de la Peña commented on CASSANDRA-16902:
---

I have just updated the test for trunk for using the new authentication utils added to {{CQLTester}} by CASSANDRA-17027 ([this commit|https://github.com/apache/cassandra/pull/1179/commits/18fd301e916bc8b40a5c13e2eb8d4a6a2500413e]). Those utils are only present in trunk, I wonder if we should port them back to older branches.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17428247#comment-17428247 ]

Aleksei Zotov commented on CASSANDRA-16902:
---

[~blerer] Oh ok, got it. I did not know it is blocked by something else. Sorry for disturbing!
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17428201#comment-17428201 ]

Benjamin Lerer commented on CASSANDRA-16902:

[~azotcsit] Sorry, I am the one blocking that issue. I had a discussion with [~adelapena] about simplifying the unit tests but those simplifications would require the changes that are part of CASSANDRA-17027.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17428025#comment-17428025 ]

Aleksei Zotov commented on CASSANDRA-16902:
---

[~blerer] [~jmckenzie] Would you mind reviewing this change? I'd like to get it merged to prevent conflicts with CASSANDRA-16914.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17422244#comment-17422244 ]

Aleksei Zotov commented on CASSANDRA-16902:
---

All branches LGTM, +1.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17422089#comment-17422089 ]

Andres de la Peña commented on CASSANDRA-16902:
---

[~azotcsit] I have addressed your nits on the PR.

Not sure about whether we want to apply the patch to the other branches, since this fix is almost a new feature. The patch applies quite cleanly to older branches, the only problem is when applying the new unit test to 3.0 and 3.11. Those branches don't have some of the testing improvements that were done during the 4.0 quality testing epic, so I think that for those branches we could live with the dtest only:

||PR||CI||
|[3.0|https://github.com/apache/cassandra/pull/1233]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/919/workflows/55e1d060-e2ba-4a80-ae21-83ef1c0a9b08]|
|[3.11|https://github.com/apache/cassandra/pull/1234]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/920/workflows/ce1d7490-1df8-47b4-a52f-3c719f271935]|
|[4.0|https://github.com/apache/cassandra/pull/1235]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/cdb716ee-168c-4db7-bccd-9120b71206c2], [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/918/workflows/3252a7db-5169-4701-b9b0-98c6ab5501f0]|
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/ed49dd91-cc79-46fb-8c04-2cab95b8509a], [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/921/workflows/7dd7d9f1-a16e-4c6f-88d9-34ec0abdedc2]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17421568#comment-17421568 ]

Aleksei Zotov commented on CASSANDRA-16902:
---

[~adelapena] I put a couple of nits to the PR, but it's up to you whether to address them or not. _trunk_ branch LGTM.

The question is: are we going to fix this issue in other branches? I feel it makes sense to do it starting from 3.0, but I'm not totally sure. Probably [~blerer] can help to determine that.
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17421462#comment-17421462 ]

Andres de la Peña commented on CASSANDRA-16902:
---

[~azotcsit] thanks for the review. Keeping the authorization logic in {{CassandraAuthorizer}} makes sense to me, and the new unit test looks nice. I have incorporated your changes to the PR with minimal modifications. I have also extended the test to exercise the authorization exception.

||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/913/workflows/24c1e434-08a3-45d0-95f7-7182f34d80cf] [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/913/workflows/40bf1a55-0ee1-4f15-939a-7072f7c0b3f3]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17419745#comment-17419745 ]

Aleksei Zotov commented on CASSANDRA-16902:
---

[~adelapena] I put some comments to the PR, please, check them out and let me know your thoughts.

The main points:
# do we want to keep authorization logic in {{CassandraAuthorizer}} or move to {{ListPermissionsStatement}}? I feel moving makes sense, but I'd move it to {{authorize}} method then.
# I wrote a unit test (while trying to figure out what is going on), could you, please, check it and incorporate to the PR if it looks good to you.

You can find the unit test and other changes I'm referring to in the PR comments here: https://github.com/azotcsit/cassandra/commit/4ee78c216c1f4e03f55174c9f2d7b86385bbbd3d
[jira] [Commented] (CASSANDRA-16902) A user should be able to view permissions of role they created
[ https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17407313#comment-17407313 ]

Andres de la Peña commented on CASSANDRA-16902:
---

The proposed patch adds {{DESCRIBE}} permissions to roles:

||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/1179]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/8727c0e0-2b78-4320-9e71-b2e93eee695d] [j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/812/workflows/37bc1376-00af-4822-82f7-0e09b45765cd]|
|[dtest|https://github.com/apache/cassandra-dtest/pull/157]|

Probably we should apply this fix to older branches.

All praise to [~snazy], who is the original author of the patch.