Return-Path: 
 <commits-return-117149-apmail-cassandra-commits-archive=cassandra.apache.org@cassandra.apache.org>
X-Original-To: apmail-cassandra-commits-archive@www.apache.org
Delivered-To: apmail-cassandra-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id AB456C2F4
	for <apmail-cassandra-commits-archive@www.apache.org>;
 Fri, 14 Nov 2014 20:56:34 +0000 (UTC)
Received: (qmail 26327 invoked by uid 500); 14 Nov 2014 20:56:34 -0000
Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org
Received: (qmail 26226 invoked by uid 500); 14 Nov 2014 20:56:34 -0000
Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cassandra.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cassandra.apache.org>
List-Post: <mailto:commits@cassandra.apache.org>
List-Id: <commits.cassandra.apache.org>
Reply-To: dev@cassandra.apache.org
Delivered-To: mailing list commits@cassandra.apache.org
Received: (qmail 25894 invoked by uid 99); 14 Nov 2014 20:56:34 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Nov 2014 20:56:34 +0000
Date: Fri, 14 Nov 2014 20:56:34 +0000 (UTC)
From: "Philip Thompson (JIRA)" <jira@apache.org>
To: commits@cassandra.apache.org
Message-ID: <JIRA.12751446.1414605768000.503712.1415998594234@Atlassian.JIRA>
In-Reply-To: <JIRA.12751446.1414605768000@Atlassian.JIRA>
References: <JIRA.12751446.1414605768000@Atlassian.JIRA>
 <JIRA.12751446.1414605768903@arcas>
Subject: [jira] [Commented] (CASSANDRA-8213) Grant Permission fails if
 permission had been revoked previously
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/CASSANDRA-8213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212814#comment-14212814 ] 

Philip Thompson commented on CASSANDRA-8213:
--------------------------------------------

Examining jenkins logs, this appears to be have caused by CASSANDRA-8139 and fixed by CASSANDRA-8246.

> Grant Permission fails if permission had been revoked previously
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-8213
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8213
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Philip Thompson
>            Assignee: Aleksey Yeschenko
>             Fix For: 2.1.2
>
>
> The dtest auth_test.py:TestAuth.alter_cf_auth_test is failing. 
> {code}
>         cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
>         cathy.execute("ALTER TABLE ks.cf ADD val int")
>         cassandra.execute("REVOKE ALTER ON ks.cf FROM cathy")
>         self.assertUnauthorized("User cathy has no ALTER permission on <table ks.cf> or any of its parents",
>                                 cathy, "CREATE INDEX ON ks.cf(val)")
>         cassandra.execute("GRANT ALTER ON ks.cf TO cathy")
>         cathy.execute("CREATE INDEX ON ks.cf(val)")
> {code}
> In this section of code, the user cathy is granted "ALTER" permissions on 'ks.cf', then they are revoked, then granted again. Monitoring system_auth.permissions during this section of code show that the permission is added with the initial grant, and revoked properly, but the table remains empty after the second grant.
> When the cathy user attempts to create an index, the following exception is thrown:
> {code}
> Unauthorized: code=2100 [Unauthorized] message="User cathy has no ALTER permission on <table ks.cf> or any of its parents"
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)