Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-8082

Consider re-introducing TRUNCATE permission

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Low
    • Resolution: Duplicate
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      We should consider re-introducing a separate `TRUNCATE` permission.

      Truncate operation would require both `MODIFY` and `TRUNCATE` to run.

      I'm not entirely sold on this change, as we do create snapshots before truncating, so fat-fingers aren't catastrophic, but am open to the idea.

      Original description:

      Currently CQL permissions are grouped as:

      ALL - All statements
      ALTER - ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
      AUTHORIZE - GRANT, REVOKE
      CREATE - CREATE KEYSPACE, CREATE TABLE
      DROP - DROP KEYSPACE, DROP TABLE
      MODIFY - INSERT, DELETE, UPDATE, TRUNCATE
      SELECT -SELECT

      The MODIFY permission is too wide. There are plenty scenarios where a user should not be to DELETE and TRUNCATE a table but should be able to INSERT and UPDATE.

      It would be great if Cassandra could either support defining permissions dynamically or have additional finer grained MODIFY related permissions.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                johnny15676 Johnny Miller
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: