[
https://issues.apache.org/jira/browse/CASSANDRA-17558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17530793#comment-17530793
]
Josh McKenzie commented on CASSANDRA-17558:
-------------------------------------------
Not a bad idea; hadn't thought of that while I was porting this work.
I think the guardrail should be named {{truncate_drop_table_enabled}} and we
should introduce a new guardrail later named {{drop_keyspace_enabled}} as I can
see the utility in having both functionalities separately.
I'd prefer we not release 4.1 with this guardrail name as we'll be married to
it forever in one form or another in config w/out deprecation; any concerns
with this rename going in post-freeze [~aleksey] / [~mck] / [~adelapena]?
> Add guardrail to disallow DROP or TRUNCATE TABLE commands for non superuser
> accounts
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-17558
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17558
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Guardrails
> Reporter: Josh McKenzie
> Assignee: Josh McKenzie
> Priority: Normal
> Fix For: 4.1
>
>
> While this can also be accomplished via roles, there's value in having a
> cluster-wide "all role ban" on specific operations that operators can
> configure for clusters that have need of those settings.
> In this case, we want the ability to completely disallow DROP or TRUNCATE
> TABLE commands so users cannot inadvertently throw away data and operators
> don't have to runbook managing roles to ensure that this functionality
> doesn't leak through.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
