[ https://issues.apache.org/jira/browse/CASSANDRA-19385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefan Miklosovic updated CASSANDRA-19385: ------------------------------------------ Fix Version/s: 5.1 (was: 5.x) > ALTER ROLE WITH LOGIN=FALSE and REVOKE ROLE do not disconnect existing users > ---------------------------------------------------------------------------- > > Key: CASSANDRA-19385 > URL: https://issues.apache.org/jira/browse/CASSANDRA-19385 > Project: Apache Cassandra > Issue Type: Bug > Components: Messaging/Client > Reporter: Abe Ratnofsky > Assignee: Abe Ratnofsky > Priority: Normal > Fix For: 5.1 > > Attachments: ci_summary.html, ci_summary_9.html > > Time Spent: 1h 20m > Remaining Estimate: 0h > > Currently, if users want to block a role from connecting to Cassandra, ALTER > ROLE WITH LOGIN=FALSE and REVOKE ROLE seem like the sensible options. But > these commands do not disconnect existing connections authenticated with the > given role, and these connections will stay alive until they're disconnected > for another reason. Subsequent attempts to connect with that role will fail. > There is currently no way to disconnect all connections for a given user > either. nodetool disablebinary will disconnect all client connections for a > given node, and client sessions can be shut down. But in the case of a > credential leak or a misconfigured user, it can be desirable to prevent login > for a given role and disconnect all existing connections for that role. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org