Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-6304

Better handling of authorization for User Types

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Normal
    • Resolution: Not A Problem
    • 2.1 beta1
    • None
    • None

    Description

      Currently, we require CREATE/ALTER/DROP on ALL KEYSPACES, which is a bit excessive, and not entirely correct (but is the best we can do atm).

      We should:
      1. create a new IResource implementation for user types (TypeResource)
      2. extend CQL3 GRANT/REVOKE to allow CREATE/ALTER/DROP on (ALL TYPES|TYPE <name>)
      3. require CREATE/ALTER/DROP permissions instead of requiring all keyspace access

      We could (should?) optionally require ALTER permission on the columnfamilies affected by ALTER TYPE. Not sure about this?

      We also don't currently allow dropping a type that's in use by a CF. So someone might start using a type in the cf, and the 'owner' of the type would not be able to drop it. So we should either add some kind of USE permission for types, or make it possible to drop a type that's currently in use.

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. CASSANDRA-5590 User defined types for CQL3

          • Normal -
          • Resolved

          Activity

            People

              aleksey Aleksey Yeschenko
              aleksey Aleksey Yeschenko
              Aleksey Yeschenko
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: