Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-6304

Better handling of authorization for User Types

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Not A Problem
    • Fix Version/s: 2.1 beta1
    • Component/s: None
    • Labels:
      None

      Description

      Currently, we require CREATE/ALTER/DROP on ALL KEYSPACES, which is a bit excessive, and not entirely correct (but is the best we can do atm).

      We should:
      1. create a new IResource implementation for user types (TypeResource)
      2. extend CQL3 GRANT/REVOKE to allow CREATE/ALTER/DROP on (ALL TYPES|TYPE <name>)
      3. require CREATE/ALTER/DROP permissions instead of requiring all keyspace access

      We could (should?) optionally require ALTER permission on the columnfamilies affected by ALTER TYPE. Not sure about this?

      We also don't currently allow dropping a type that's in use by a CF. So someone might start using a type in the cf, and the 'owner' of the type would not be able to drop it. So we should either add some kind of USE permission for types, or make it possible to drop a type that's currently in use.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                aleksey Aleksey Yeschenko
                Reporter:
                aleksey Aleksey Yeschenko
                Authors:
                Aleksey Yeschenko
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: