[CASSANDRA-8213] Grant Permission fails if permission had been revoked previously - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 2.1.2
Component/s: None
Labels:
- qa-resolved

Severity:
Normal

Description

The dtest auth_test.py:TestAuth.alter_cf_auth_test is failing.

        cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
        cathy.execute("ALTER TABLE ks.cf ADD val int")

        cassandra.execute("REVOKE ALTER ON ks.cf FROM cathy")
        self.assertUnauthorized("User cathy has no ALTER permission on <table ks.cf> or any of its parents",
                                cathy, "CREATE INDEX ON ks.cf(val)")

        cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
        cathy.execute("CREATE INDEX ON ks.cf(val)")

In this section of code, the user cathy is granted "ALTER" permissions on 'ks.cf', then they are revoked, then granted again. Monitoring system_auth.permissions during this section of code show that the permission is added with the initial grant, and revoked properly, but the table remains empty after the second grant.

When the cathy user attempts to create an index, the following exception is thrown:

Unauthorized: code=2100 [Unauthorized] message="User cathy has no ALTER permission on <table ks.cf> or any of its parents"

Attachments

Activity

People

Assignee:: Aleksey Yeschenko

Reporter:: Philip Thompson

Authors:: Aleksey Yeschenko

Tester:: Philip Thompson

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Oct/14 18:02

Updated:: 16/Apr/19 09:31

Resolved:: 14/Nov/14 20:55