Sam Tunnicliffe created CASSANDRA-8650:
------------------------------------------
Summary: Creation and maintenance of roles should not require
superuser status
Key: CASSANDRA-8650
URL: https://issues.apache.org/jira/browse/CASSANDRA-8650
Project: Cassandra
Issue Type: Improvement
Components: Core
Reporter: Sam Tunnicliffe
Fix For: 3.0
Currently, only roles with superuser status are permitted to
create/drop/grant/revoke roles, which violates the principal of least
privilege. In addition, in order to run {{ALTER ROLE}} statements a user must
log in directly as that role or else be a superuser. This requirement increases
the (ab)use of superuser privileges, especially where roles are created without
{{LOGIN}} privileges to model groups of permissions granted to individual db
users. In this scenario, a superuser is always required if such roles are to be
granted and modified.
We should add more granular permissions to allow administration of roles
without requiring superuser status.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
