cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aaron morton <aa...@thelastpickle.com>
Subject Re: User authorized for <modify-keyspace> cannot create CFs
Date Thu, 19 Apr 2012 10:04:49 GMT
What version are you on ? 

AFAIK the SimpleAuthenticator, and to some degree authentication (?), has been essentially
deprecated as it was considered incomplete and was not under development. This is why the
SimpleAuthenticator was moved out to the examples directory in 1.X. I doubt it will be dropped,
but (again AFIK) it is not under active development. 

If I have things wrong here please let me know.

That said, do you have the exact call that causes the error ? Can you run it with DEBUG logging
on the server ? It looks like the error is from an attempt to write to the CF. 

Cheers
Aaron

-----------------
Aaron Morton
Freelance Developer
@aaronmorton
http://www.thelastpickle.com

On 18/04/2012, at 12:23 AM, Michal Michalski wrote:

> Hi,
> 
> I'm suffering a problem, which maybe is a feature ( ;) ), but for me it's rather an annoying
problem. I use SimpleAuthenticator and I have user who should be a kind of Cassandra's keyspace
"root" - he should be allowed to do everything. So I set:
> 
> <modify-keyspaces>=master
> 
> Unluckily, when I try to create CFs (with a script) I get:
> 
> pycassa.cassandra.c10.ttypes.InvalidRequestException: InvalidRequestException(why='#<User
master groups=[]> does not have permission WRITE for /cassandra/keyspaces/test')
> 
> It's not a problem of logging in, because if I provide wrong password I get different
error:
> 
> pycassa.cassandra.c10.ttypes.AuthenticationException: AuthenticationException(why='Given
password in password mode MD5 could not be validated for user master')
> 
> When I go back to AllowAllAuthority for a while, create CFs and then move back to SimpleAuthority
(user has <rw> on all CFs) it's working perfectly to manipulate the data in CFs in this
keyspace. But altering CFs settings still fails.
> 
> So, the question is - is it intended to work this way, that user with "modify-keyspace"
permission cannot - sic! - modify the keyspace in terms of creating/altering CF? Is it a bug,
or a feature? If feature - why? :)
> 
> Or maybe this setting is for other purposes and I just don't understand the idea? ;)
> 
> Kind regards,
> MichaƂ M.


Mime
View raw message