Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-8213

Grant Permission fails if permission had been revoked previously

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Fix Version/s: 2.1.2
    • Component/s: None
    • Labels:
    • Severity:
      Normal

      Description

      The dtest auth_test.py:TestAuth.alter_cf_auth_test is failing.

              cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
              cathy.execute("ALTER TABLE ks.cf ADD val int")
      
              cassandra.execute("REVOKE ALTER ON ks.cf FROM cathy")
              self.assertUnauthorized("User cathy has no ALTER permission on <table ks.cf> or any of its parents",
                                      cathy, "CREATE INDEX ON ks.cf(val)")
      
              cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
              cathy.execute("CREATE INDEX ON ks.cf(val)")
      

      In this section of code, the user cathy is granted "ALTER" permissions on 'ks.cf', then they are revoked, then granted again. Monitoring system_auth.permissions during this section of code show that the permission is added with the initial grant, and revoked properly, but the table remains empty after the second grant.

      When the cathy user attempts to create an index, the following exception is thrown:

      Unauthorized: code=2100 [Unauthorized] message="User cathy has no ALTER permission on <table ks.cf> or any of its parents"
      

        Attachments

          Activity

            People

            • Assignee:
              aleksey Aleksey Yeschenko
              Reporter:
              philipthompson Philip Thompson
              Authors:
              Aleksey Yeschenko
              Tester:
              Philip Thompson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: