[CASSANDRA-17558] Add guardrail to disallow DROP or TRUNCATE TABLE commands for non superuser accounts - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 4.1-alpha1, 4.1
Component/s: Feature/Guardrails
Labels:
None

Change Category:
Operability
Complexity:
Normal
Platform:

All
Impacts:

None
Source Control Link:

https://gitbox.apache.org/repos/asf?p=cassandra.git;a=commit;h=6bd373f5d27754f80384caa31d1b2a4cfc43bc19
Test and Documentation Plan:

Hide

New unit testing

Show
New unit testing

Description

While this can also be accomplished via roles, there's value in having a cluster-wide "all role ban" on specific operations that operators can configure for clusters that have need of those settings.

In this case, we want the ability to completely disallow DROP or TRUNCATE TABLE commands so users cannot inadvertently throw away data and operators don't have to runbook managing roles to ensure that this functionality doesn't leak through.

Attachments

Issue Links

relates to

CASSANDRA-17592 Rename truncate_drop guardrail to drop_truncate_table

Resolved

Activity

People

Assignee:: Josh McKenzie

Reporter:: Josh McKenzie

Authors:: Josh McKenzie

Reviewers:: Aleksey Yeschenko

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Apr/22 16:15

Updated:: 27/May/22 19:24

Resolved:: 27/Apr/22 15:53