cassandra-commits mailing list archives

From "Sam Tunnicliffe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-8650) Creation and maintenance of roles should not require superuser status
Date Wed, 28 Jan 2015 09:35:34 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-8650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294929#comment-14294929 ]

Sam Tunnicliffe commented on CASSANDRA-8650:
--------------------------------------------

Yes, I ummed and ahhed about that myself and whether roles should be considered part of the
top level DataResource or not. In fact, my first version did exactly what you suggest but
it included some ugliness to work around several places where we assume we're dealing with
DataResource. I'll clean that up and post it for comparison.

> Creation and maintenance of roles should not require superuser status
> ---------------------------------------------------------------------
>
>                 Key: CASSANDRA-8650
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-8650
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: Core
>            Reporter: Sam Tunnicliffe
>            Assignee: Sam Tunnicliffe
>              Labels: cql, security
>             Fix For: 3.0
>
>         Attachments: 8650.txt
>
>
> Currently, only roles with superuser status are permitted to create/drop/grant/revoke
> roles, which violates the principle of least privilege. In addition, in order to run {{ALTER
> ROLE}} statements a user must log in directly as that role or else be a superuser. This requirement
> increases the (ab)use of superuser privileges, especially where roles are created without
> {{LOGIN}} privileges to model groups of permissions granted to individual db users. In this
> scenario, a superuser is always required if such roles are to be granted and modified.
> We should add more granular permissions to allow administration of roles without requiring
> superuser status.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
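The scenario the ticket describes, written out in CQL as an added example (this is not code from the ticket, its attachment, or the Cassandra project): a non-LOGIN role used as a group of permissions, a login role made a member of it, and then the least-privilege alternative the ticket argues for. The keyspace and role names (app, developers, alice, role_admin) are constructed. The per-role permission statements in the last part are the syntax that shipped in Cassandra 3.0 (CREATE/ALTER/DROP/AUTHORIZE/DESCRIBE on ALL ROLES or on ROLE <name>); the ticket itself does not show that syntax, so treat it as an assumption about the released behaviour rather than something this message states.

```sql
-- Added example in CQL; names below are constructed for illustration.

-- 1. A non-LOGIN role that models a group of permissions, as the ticket describes.
CREATE ROLE developers WITH LOGIN = false;
GRANT SELECT ON KEYSPACE app TO developers;
GRANT MODIFY ON KEYSPACE app TO developers;

-- 2. A real user, given the group by role membership.
CREATE ROLE alice WITH PASSWORD = 'change-me' AND LOGIN = true;
GRANT developers TO alice;

-- Before CASSANDRA-8650, every statement above, and any later
--   ALTER ROLE developers WITH ...
-- had to be issued by a superuser: nobody can log in as 'developers',
-- so the "log in as that role" path is never available for a group role.

-- 3. Least-privilege alternative (assumed 3.0 syntax, not shown in the ticket):
--    a dedicated role administrator that is NOT a superuser.
CREATE ROLE role_admin WITH PASSWORD = 'change-me' AND LOGIN = true;
GRANT CREATE ON ALL ROLES TO role_admin;           -- may run CREATE ROLE
GRANT ALTER ON ROLE developers TO role_admin;      -- may ALTER ROLE developers only
GRANT DROP ON ROLE developers TO role_admin;       -- may DROP ROLE developers only
GRANT AUTHORIZE ON ROLE developers TO role_admin;  -- may GRANT/REVOKE developers to users
GRANT DESCRIBE ON ALL ROLES TO role_admin;         -- may LIST ROLES

-- role_admin cannot read or modify data in keyspace app and cannot touch
-- roles other than 'developers'; check exactly what it holds:
LIST ALL PERMISSIONS OF role_admin;
```

The point of splitting the grants per role (ALTER/DROP/AUTHORIZE ON ROLE developers rather than ON ALL ROLES) is that the administrator of one group cannot silently widen another group or hand out roles it was never meant to manage, which is the superuser overreach the ticket is trying to remove.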
