[CASSANDRA-16902] A user should be able to view permissions of role they created - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.0.26, 3.11.12, 4.0.2, 4.1-alpha1, 4.1
Component/s: Feature/Authorization
Labels:
None

Bug Category:
Code - Bug - Unclear Impact
Severity:
Low
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

NA
Source Control Link:

https://github.com/apache/cassandra/commit/969531a113530eb87d5ea350aa005abc946a5152
Test and Documentation Plan:

Hide

Dtests are modified to reflect the changes in permissions

Show
Dtests are modified to reflect the changes in permissions

Description

Currently users are denied to view permissions to see a role they created:

CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
GRANT CREATE ON ALL ROLES TO parent;
LOGIN parent;
CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's permissions

When a user creates a role they should get the DESCRIBE permission on that role by default.

Attachments

Activity

People

Assignee:: Andres de la Peña

Reporter:: Andres de la Peña

Authors:: Andres de la Peña

Reviewers:: Aleksei Zotov, Benjamin Lerer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 31/Aug/21 12:28

Updated:: 27/May/22 19:24

Resolved:: 27/Oct/21 17:30

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

1.5h