[
https://issues.apache.org/jira/browse/CASSANDRA-17558?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531131#comment-17531131
]
Andres de la Peña commented on CASSANDRA-17558:
-----------------------------------------------
I'd do the rename of the property before releasing 4.1, so we don't have to
deprecate it immediately after it's introduction.
If we want to keep a single guardrail for {{DROP}} and {{TRUNCATE}} instead of
separate guardrails, I'd go with {{drop_truncate_table_enabled}} or
{{{}drop_or_truncate_table_enabled{}}}, starting with {{{}drop_{}}}. That way
it can be more easily associated to the future {{{}drop_keyspace_enabled{}}},
since I guess that it will be common for users to use the same value for both
guardrails.
> Add guardrail to disallow DROP or TRUNCATE TABLE commands for non superuser
> accounts
> ------------------------------------------------------------------------------------
>
> Key: CASSANDRA-17558
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17558
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Guardrails
> Reporter: Josh McKenzie
> Assignee: Josh McKenzie
> Priority: Normal
> Fix For: 4.1
>
>
> While this can also be accomplished via roles, there's value in having a
> cluster-wide "all role ban" on specific operations that operators can
> configure for clusters that have need of those settings.
> In this case, we want the ability to completely disallow DROP or TRUNCATE
> TABLE commands so users cannot inadvertently throw away data and operators
> don't have to runbook managing roles to ensure that this functionality
> doesn't leak through.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
