Type: New Feature
Fix Version/s: None
We should consider re-introducing a separate `TRUNCATE` permission.
Truncate operation would require both `MODIFY` and `TRUNCATE` to run.
I'm not entirely sold on this change, as we do create snapshots before truncating, so fat-fingers aren't catastrophic, but am open to the idea.
Currently CQL permissions are grouped as:
ALL - All statements
ALTER - ALTER KEYSPACE, ALTER TABLE, CREATE INDEX, DROP INDEX
AUTHORIZE - GRANT, REVOKE
CREATE - CREATE KEYSPACE, CREATE TABLE
DROP - DROP KEYSPACE, DROP TABLE
MODIFY - INSERT, DELETE, UPDATE, TRUNCATE
The MODIFY permission is too wide. There are plenty scenarios where a user should not be to DELETE and TRUNCATE a table but should be able to INSERT and UPDATE.
It would be great if Cassandra could either support defining permissions dynamically or have additional finer grained MODIFY related permissions.