[
https://issues.apache.org/jira/browse/CASSANDRA-20000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892448#comment-17892448
]
Michael Semb Wever commented on CASSANDRA-20000:
------------------------------------------------
This doesn't extend to operational improvements, e.g. those that have no
user-visible (or compatibility-related) change.
The question [~tiagomlalves] raises is, why is the system* keyspaces schema
part of the compatibility concern. Some aspects we're ok with
compatibility-safe additions, but others not.
My understanding is that system tables, being a distributed thing, have been a
known source of pain with changes in stable branches. Same logic as internode
messaging, gossip, etc. We've avoided touching them non-trunk unless
critical. Same logic goes for the sstable format, only bump it for critical
bugs. system schema also doesn't have any versioning identifier, so changes
in stable branches introduces undefined different upgrade paths…
> Add support for Role's OPTIONS
> ------------------------------
>
> Key: CASSANDRA-20000
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20000
> Project: Cassandra
> Issue Type: Improvement
> Components: CQL/Semantics, Feature/Authorization
> Reporter: Tiago L. Alves
> Assignee: Tiago L. Alves
> Priority: Normal
> Fix For: 5.0.x
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The Cassandra Query Language
> [https://cassandra.apache.org/doc/stable/cassandra/cql/security.html] /
> [https://cassandra.apache.org/doc/5.0/cassandra/developing/cql/security.html]
> specify that a role can have custom options defined as literal map.
> The documentation shows a valid example of these custom options:
> {{CREATE ROLE carlos WITH OPTIONS = \{ 'custom_option1' : 'option1_value',
> 'custom_option2' : 99 }; }}
> However, the storage/retrieval of such custom options has not been
> implemented in Cassandra. See for instance,
> [https://github.com/apache/cassandra/blob/18960d6e3443bf002ef4f46c7f0e1f2ee99734e1/src/java/org/apache/cassandra/auth/CassandraRoleManager.java#L393-L396]
> Storing custom options per role could have multiple usages, for instance, it
> could allow admins to specify fine-grain permissions that can be interpreted
> by custom authenticator/authorizer.
> The goal of this task is to add support for Role custom options, by storing
> them in an additional table called {{role_options}} in the {{system_auth}}
> keyspace.
> Creating a role with options should write the information in both the
> {{roles}} and the {{role_options}} tables. Creating a role with no options or
> having an empty map of options should not write any information in the
> {{role_options}} table.
> Altering a role should behave as follows when executing an {{ALTER ROLE}}
> statement:
> * without specifying {{{}OPTIONS{}}}: no changes should be done in the
> {{role_options}} table.
> * specifying {{OPTIONS}} altering a role with no previous custom options: we
> should insert the custom options in the {{role_options}} table.
> * specifying {{OPTIONS}} altering a role with previous custom options: we
> should replace the existent custom options
> * in the {{role_options}} table.
> Dropping a role should drop information in both {{roles}} and
> {{{}role_options{}}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
