The PermissionCache is refreshed in the background every permissions_update_interval_in_ms by looking up cassandra tables. This background refresher assumes the called methods to throw exception on cassandra failures. In such cases, it just serves the stale entry until the next refresh happens.
CassandraAuthorizer.authorize is throwing exception when it fails to lookup system_auth.users table. However when lookup on system_auth.permissions table fails, it swallows the exception and returns PERMISSION.NONE. In that case, the cache thinks that permission was revoked for the user until the next refresh succeeds. All the requests to that user on that cassandra instance fail incorrectly till the next refresh succeeds. This is bad.
CassandraAuthorizer.authorize must throw exception when lookup of any auth table fails.
I have attached a patch for cassandra 2.0 branch.