Return-Path: 
 <commits-return-139031-apmail-cassandra-commits-archive=cassandra.apache.org@cassandra.apache.org>
X-Original-To: apmail-cassandra-commits-archive@www.apache.org
Delivered-To: apmail-cassandra-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6225318518
	for <apmail-cassandra-commits-archive@www.apache.org>;
 Fri, 24 Jul 2015 13:03:39 +0000 (UTC)
Received: (qmail 58606 invoked by uid 500); 24 Jul 2015 13:03:05 -0000
Delivered-To: apmail-cassandra-commits-archive@cassandra.apache.org
Received: (qmail 58572 invoked by uid 500); 24 Jul 2015 13:03:04 -0000
Mailing-List: contact commits-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cassandra.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cassandra.apache.org>
List-Post: <mailto:commits@cassandra.apache.org>
List-Id: <commits.cassandra.apache.org>
Reply-To: dev@cassandra.apache.org
Delivered-To: mailing list commits@cassandra.apache.org
Received: (qmail 58561 invoked by uid 99); 24 Jul 2015 13:03:04 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jul 2015 13:03:04 +0000
Date: Fri, 24 Jul 2015 13:03:04 +0000 (UTC)
From: "Jonathan Ellis (JIRA)" <jira@apache.org>
To: commits@cassandra.apache.org
Message-ID: <JIRA.12848884.1437742982000.281102.1437742984867@Atlassian.JIRA>
In-Reply-To: <JIRA.12848884.1437742982000@Atlassian.JIRA>
References: <JIRA.12848884.1437742982000@Atlassian.JIRA>
 <JIRA.12848884.1437742982198@arcas>
Subject: [jira] [Created] (CASSANDRA-9892) Add support for unsandboxed UDF
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Jonathan Ellis created CASSANDRA-9892:
-----------------------------------------

             Summary: Add support for unsandboxed UDF
                 Key: CASSANDRA-9892
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9892
             Project: Cassandra
          Issue Type: New Feature
            Reporter: Jonathan Ellis
            Assignee: Robert Stupp
            Priority: Minor


>From discussion on CASSANDRA-9402,

The approach postgresql takes is to distinguish between "trusted" (sandboxed) and "untrusted" (anything goes) UDF languages. 

Creating an untrusted language always requires superuser mode. Once that is done, creating functions in it requires nothing special.

Personally I would be fine with this approach, but I think it would be more useful to have the extra permission on creating the function, and also wouldn't require adding explicit CREATE LANGUAGE.

So I'd suggest just providing different CQL permissions for trusted and untrusted, i.e. if you have CREATE FUNCTION permission that allows you to create sandboxed UDF, but you can only create unsandboxed if you have CREATE UNTRUSTED.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)