> folks - I think we’ve achieved lazy consensus here. Please continue with
> feedback on the jira.

Hi Dinesh,

As Jeremiah commented on JIRA, shouldn't we have a vote in the ML?

For future reference, in my opinion, adding new CQL syntax should have
a CEP as it is not something we can easily change once defined.

On Wed, Jul 12, 2023 at 7:19 AM Derek Chen-Becker <de...@chen-becker.org>
wrote:

> EC - eventual consensus?
>
> On Tue, Jul 11, 2023 at 4:03 PM Dinesh Joshi <djo...@apache.org> wrote:
>
>> folks - I think we’ve achieved lazy consensus here. Please continue with
>> feedback on the jira.
>>
>> Thanks,
>>
>> Dinesh
>>
>>
>> On Jul 7, 2023, at 12:23 PM, Jyothsna Konisa <jyothsna1...@gmail.com>
>> wrote:
>>
>> 
>> Hi Yuki, Jeremiah & Christopher,
>>
>> Thank you very much for the feedback.
>>
>> Regarding removing the superuser check for adding/removing identities, I have
>> relaxed that check and added a permissions check instead. With this change
>> only users with appropriate permissions to add/drop identities can perform
>> that action.
>>
>> About extending the `Create Role` cqlsh statement, we have a couple of
>> reasons for not doing that. We designed the mTLS authenticator in such a
>> way that a single role can be associated with multiple identities, EX:
>> there can be several identities which are read_only users. Also, having a
>> separate cqlsh statement for identities makes it more pluggable and
>> independent. If we still think that extending the create role statement
>> would be a convenient feature, we can add it as required in the followup
>> patches.
>>
>> Christopher, I will be acting upon your feedback regarding having
>> identity in the cassandra.yaml optionally configurable.
>>
>> Thanks,
>> Jyothsna Konisa.
>>
>> On Thu, Jul 6, 2023 at 5:30 PM Dinesh Joshi <djo...@apache.org> wrote:
>>
>>> > On Jun 30, 2023, at 1:09 PM, Jeremiah Jordan <jerem...@datastax.com>
>>> > wrote:
>>> >
>>> > I don’t think users necessarily need to be able to update their own
>>> > identities.  I just don’t want to have to use the super user role.  The
>>> > super user role has all power over all things in the database.  I don’t
>>> > want to have to give that much power to the person who manages identities,
>>> > I just want to give them the power to manage identities.
>>>
>>> Makes sense. I think Jyothsna already pushed an update to the PR to
>>> relax the restriction. Please feel free to take a look at it.
>>>
>>> Dinesh
>>>
>>>
>>>
>>>
>
> --
> +---------------------------------------------------------------+
> | Derek Chen-Becker                                             |
> | GPG Key available at https://keybase.io/dchenbecker and       |
> | https://pgp.mit.edu/pks/lookup?search=derek%40chen-becker.org |
> | Fngrprnt: EB8A 6480 F0A3 C8EB C1E7  7F42 AFC5 AFEE 96E4 6ACC  |
> +---------------------------------------------------------------+
>
>
