[ https://issues.apache.org/jira/browse/CASSANDRA-19385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17912855#comment-17912855 ]
Stefan Miklosovic edited comment on CASSANDRA-19385 at 1/14/25 12:15 PM:
-------------------------------------------------------------------------

Great patch! I've never thought about this ...

was (Author: smiklosovic):
Great patch! I've never though about this ...

> ALTER ROLE WITH LOGIN=FALSE and REVOKE ROLE do not disconnect existing users
> ----------------------------------------------------------------------------
>
>                 Key: CASSANDRA-19385
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-19385
>             Project: Apache Cassandra
>          Issue Type: Bug
>          Components: Messaging/Client
>            Reporter: Abe Ratnofsky
>            Assignee: Abe Ratnofsky
>            Priority: Normal
>         Attachments: ci_summary.html
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> Currently, if users want to block a role from connecting to Cassandra, ALTER
> ROLE WITH LOGIN=FALSE and REVOKE ROLE seem like the sensible options. But
> these commands do not disconnect existing connections authenticated with the
> given role, and these connections will stay alive until they're disconnected
> for another reason. Subsequent attempts to connect with that role will fail.
> There is currently no way to disconnect all connections for a given user
> either. nodetool disablebinary will disconnect all client connections for a
> given node, and client sessions can be shut down. But in the case of a
> credential leak or a misconfigured user, it can be desirable to prevent login
> for a given role and disconnect all existing connections for that role.