[jira] [Commented] (CASSANDRA-8957) Move TRUNCATE from MODIFY to DROP permission group

Mon, 16 Mar 2015 15:56:46 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-8957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14364138#comment-14364138
 ] 

Aleksey Yeschenko commented on CASSANDRA-8957:
----------------------------------------------

bq. Can we create a new permission for truncate. CASSANDRA-8303 will be 
available in 3.0 and we need something in 2.0 and 2.1.

Adding a new permission would count as a breaking public API change (so would 
assigning an action to a different permission).

Now, assuming we did add it, CASSANDRA-8303 would then obsolete it, and we'd 
have to remove the recently added permission in the next release.

That doesn't feel right to me, personally.

That said, if there is enough push for it, we might end up backporting 
CASSANDRA-8303 to 2.1 - without the roles.

> Move TRUNCATE from MODIFY to  DROP permission group 
> ----------------------------------------------------
>
>                 Key: CASSANDRA-8957
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8957
>             Project: Cassandra
>          Issue Type: Improvement
>            Reporter: Vishy Kasar
>
> Cassandra currently has 6 permissions:
>           ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP 
> INDEX
>           AUTHORIZE: required for GRANT, REVOKE
>           CREATE: required for CREATE KEYSPACE, CREATE TABLE
>           DROP: required for DROP KEYSPACE, DROP TABLE
>           MODIFY: required for INSERT, DELETE, UPDATE, TRUNCATE
>           SELECT: required for SELECT
> It seems incorrect to lump TRUNCATE with INSERT, DELETE, UPDATE. Every normal 
> user typically does INSERT, DELETE, UPDATE. However a normal user does not 
> need TRUNCATE. We want to prevent normal user accidentally truncating their 
> tables in production. It is better to group TRUNCATE with other destructive 
> operations such as DROP KEYSPACE, DROP TABLE.
> Proposal: Move TRUNCATE from MODIFY to  DROP permission group 
> Proposed 6 permissions looks like this:
>           ALTER: required for ALTER KEYSPCE, ALTER TABLE, CREATE INDEX, DROP 
> INDEX
>           AUTHORIZE: required for GRANT, REVOKE
>           CREATE: required for CREATE KEYSPACE, CREATE TABLE
>           DROP: required for DROP KEYSPACE, DROP TABLE, TRUNCATE
>           MODIFY: required for INSERT, DELETE, UPDATE
>           SELECT: required for SELECT



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to