cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-4868) When authorizing actions, check for NO_ACCESS permission first instead of FULL_ACCESS
Date Mon, 29 Oct 2012 03:01:14 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-4868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485802#comment-13485802
] 

Aleksey Yeschenko commented on CASSANDRA-4868:
----------------------------------------------

An empty collection should mean 'Absence of permission'. Which is why I don't like the idea
of NO_ACCEES at all.
However, since we do have it now, and it is possible for a user to have both FULL_ACCESS and
NO_ACCESS for some resource at the same time, let's at least be strict and look for NO_ACCESS
first.

If we can just get rid of NO_ACCESS, however, let's do that.
                
> When authorizing actions, check for NO_ACCESS permission first instead of FULL_ACCESS
> -------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-4868
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4868
>             Project: Cassandra
>          Issue Type: Improvement
>    Affects Versions: 1.1.6, 1.2.0 beta 1
>            Reporter: Aleksey Yeschenko
>            Assignee: Aleksey Yeschenko
>            Priority: Minor
>             Fix For: 1.1.7, 1.2.0 beta 2
>
>         Attachments: CASSANDRA-4868-1.1.txt, CASSANDRA-4868-1.2.txt
>
>
> When authorizing actions, check for NO_ACCESS permission first instead of FULL_ACCESS
(ClientState.hasAccess). This seems like a safer order to me.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message