[
https://issues.apache.org/jira/browse/CASSANDRA-15089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sam Tunnicliffe updated CASSANDRA-15089:
----------------------------------------
Severity: Low
Complexity: Low Hanging Fruit
Discovered By: Code Inspection
Bug Category: Parent values: Degradation(12984)Level 1 values: Performance
Bug/Regression(12997)
Reviewers: Blake Eggleston
Status: Open (was: Triage Needed)
> CassandraNetworkAuthorizer::authorize should get role details from Roles, not
> directly from IRoleManager
> --------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-15089
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15089
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
> Reporter: Sam Tunnicliffe
> Assignee: Sam Tunnicliffe
> Priority: Normal
>
> If the network permissions cache doesn't contain any entry for a role, the
> authorize method is invoked on the configured INetworkAuthorizer. In the case
> of CassandraNetworkAuthorizer, this immediately checks whether the role in
> question has the LOGIN privilege set. It does this using the configured
> IRoleManager directly, which causes a read from the underlying table in
> system_auth. It should fetch the flag from Roles::canLogin, which uses the
> RolesCache, falling back to the IRoleManager if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
