cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-7683) Always allow CREATE TABLE IF NOT EXISTS if it exists
Date Mon, 04 Aug 2014 11:38:12 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14084556#comment-14084556
] 

Aleksey Yeschenko commented on CASSANDRA-7683:
----------------------------------------------

Well, authorization is here to tell if a user has enough permissions to execute that particular
statement. And, arguably, whether or not the table exists, if one doesn't have CREATE rights
on the keyspace, they shouldn't be able to try execute the statement. IF NOT EXISTS is absolutely
orthogonal here.

> Always allow CREATE TABLE IF NOT EXISTS if it exists
> ----------------------------------------------------
>
>                 Key: CASSANDRA-7683
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7683
>             Project: Cassandra
>          Issue Type: Wish
>          Components: Core
>            Reporter: Jens Rantil
>            Priority: Minor
>
> Background: I have a table that I'd like to make sure exists when I boot up my application.
To make the life easier for our developers I execute an `ALTER TABLE IF EXISTS`.
> In production I am using user based authorization and for security reasons regular production
users are not allowed to CREATE TABLEs.
> Problem: When a user without CREATE permission executes `ALTER TABLE IF EXISTS` for a
table that already exists, the command fails telling me the user is not allowed to execute
`CREATE TABLE`. It feels kinda ridiculous that this fails when I'm not actually creating the
table.
> Proposal: That the permission check only should be done if the table is only actually
to be created. 
> Workaround: Right now, I have a boolean that checks if in production and in that case
don't try to create the table. Another approach would be to manually check if the table exists.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message