[ https://issues.apache.org/jira/browse/CASSANDRA-8650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294390#comment-14294390 ]
Aleksey Yeschenko commented on CASSANDRA-8650: ---------------------------------------------- I'll have full notes posted later. One question - if we do go this route, shouldn't we just create another IResource (purely for roles) vs. abusing the high-level DataResource? Then we can use the same permission names, without the ugly underscores, and just have them belong to a totally different resource hierarchy. > Creation and maintenance of roles should not require superuser status > --------------------------------------------------------------------- > > Key: CASSANDRA-8650 > URL: https://issues.apache.org/jira/browse/CASSANDRA-8650 > Project: Cassandra > Issue Type: Improvement > Components: Core > Reporter: Sam Tunnicliffe > Assignee: Sam Tunnicliffe > Labels: cql, security > Fix For: 3.0 > > Attachments: 8650.txt > > > Currently, only roles with superuser status are permitted to > create/drop/grant/revoke roles, which violates the principal of least > privilege. In addition, in order to run {{ALTER ROLE}} statements a user must > log in directly as that role or else be a superuser. This requirement > increases the (ab)use of superuser privileges, especially where roles are > created without {{LOGIN}} privileges to model groups of permissions granted > to individual db users. In this scenario, a superuser is always required if > such roles are to be granted and modified. > We should add more granular permissions to allow administration of roles > without requiring superuser status. -- This message was sent by Atlassian JIRA (v6.3.4#6332)