[
https://issues.apache.org/jira/browse/CASSANDRA-16902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419745#comment-17419745
]
Aleksei Zotov commented on CASSANDRA-16902:
-------------------------------------------
[~adelapena]
I put some comment to the PR, please, check them out and let me know your
thoughts.
The main points:
# do we want to keep authorization logic in {{CassandraAuthorizer}} or move to
{{ListPermissionsStatement}}? I feel moving makes sense, but I'd move it to
{{authorize}} method then.
# I wrote a unit test (while trying to figure out what is going on), could
you, please, check it and incorporate to the PR if it looks good to you.
You can find the unit test and other changes I'm referring to in the PR
comments here:
https://github.com/azotcsit/cassandra/commit/4ee78c216c1f4e03f55174c9f2d7b86385bbbd3d
> A user should be able to view permissions of role they created
> --------------------------------------------------------------
>
> Key: CASSANDRA-16902
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16902
> Project: Cassandra
> Issue Type: Bug
> Components: Feature/Authorization
> Reporter: Andres de la Peña
> Assignee: Andres de la Peña
> Priority: Normal
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently users are denied to view permissions to see a role they created:
> {code}
> CREATE ROLE parent WITH PASSWORD = 'x' AND LOGIN = true;
> GRANT CREATE ON ALL ROLES TO parent;
> LOGIN parent;
> CREATE ROLE child WITH PASSWORD = 'x' AND LOGIN = true;
> LIST ALL PERMISSIONS OF 'child'; -- You are not authorized to view child's
> permissions
> {code}
> When a user creates a role they should get the {{DESCRIBE}} permission on
> that role by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
