Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4227E18E75 for ; Wed, 5 Aug 2015 21:04:43 +0000 (UTC) Received: (qmail 87259 invoked by uid 500); 5 Aug 2015 21:04:40 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 87218 invoked by uid 500); 5 Aug 2015 21:04:40 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 87208 invoked by uid 99); 5 Aug 2015 21:04:40 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Aug 2015 21:04:40 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id C418F1A9878 for ; Wed, 5 Aug 2015 21:04:39 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.73 X-Spam-Level: *** X-Spam-Status: No, score=3.73 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_IMAGE_RATIO_04=0.61, HTML_MESSAGE=3, KAM_HUGEIMGSRC=0.2, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=datastax.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id csy_1Oba_HBh for ; Wed, 5 Aug 2015 21:04:25 +0000 (UTC) Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id D15B620594 for ; Wed, 5 Aug 2015 21:04:24 +0000 (UTC) Received: by wicne3 with SMTP id ne3so20320155wic.1 for ; Wed, 05 Aug 2015 14:04:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=datastax.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=DytBXmqptq2PLVpsFixgIgECmoHSGuw1ULulR26dyIc=; b=nIt9Qq8rS5oylb3CT2e2XK/V+NwzP/Ee0ZWhElRzIxtP2VMzg7kkZZJ8CC6QBPDXMs pFSl179QW1+dtINhF4vjsoz9jr09FmB8AhlddMmy2xLn1LILSk5WsilqnMSLr+zLP0EB LmmYZ5aJNuK4eknX+wUyHn/qvF5+4LYfnJ1w0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=DytBXmqptq2PLVpsFixgIgECmoHSGuw1ULulR26dyIc=; b=c8xi6aym9vdPWjQcpwAhgKB3ACILEYUI5bWbDd2eBbqIYMZWo4L5iStsFJ3siAHJdl dlrSzQVZczt4uztBq+nPEdN73/G0vYVs0K0d2mqnTuFoky9CFv+CbJNeM3TSI2SOWqyz Edcw0rz7N5LqQ3G4ok/R8l+OYmldbgJjoeY1JM1qZKEZk75uU+fiyWOg2g0tOZ0P5PV9 d8/R9oCVaHwwQUSMruPv6kB0Sma0qgmYzAC2p3PhwSrv5H6zZAr0zBC2sSws5aiAcwFj NoloDg9IIQAjnrKsadNMmSQAVXJmohFxb+e+PBHt5G8jcR7nBVdMVQ42AUCVY5b/U4TF 9frA== X-Gm-Message-State: ALoCoQl9BHfHC14oJrIzPXTDXGt2r7Q/1PPtCiZYayXgpa+YmPwMHq5+OMYPEFWxkktvM0NLjP9a X-Received: by 10.180.198.115 with SMTP id jb19mr2443992wic.62.1438808663539; Wed, 05 Aug 2015 14:04:23 -0700 (PDT) MIME-Version: 1.0 Received: by 10.27.39.9 with HTTP; Wed, 5 Aug 2015 14:03:53 -0700 (PDT) In-Reply-To: References: From: Dan Jatnieks Date: Wed, 5 Aug 2015 14:03:53 -0700 Message-ID: Subject: Re: only grant select , but still can modify data To: user@cassandra.apache.org Content-Type: multipart/alternative; boundary=047d7b624e7e4a5f2c051c96bf27 --047d7b624e7e4a5f2c051c96bf27 Content-Type: text/plain; charset=UTF-8 Hi Rock, I was not able to reproduce this problem using C* 2.2 and DevCenter 1.4. What versions are you using? Did you check that the DevCenter connection properties are using the "readonly" account and that any existing connection was closed and re-opened? Did you get the expected result with cqlsh? dan On Mon, Aug 3, 2015 at 7:12 PM, rock zhang wrote: > Hi All, > > I want to create a readonly account, so i run the following command > following: > http://docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_native_authenticate_t.html > > CREATE USER readonly WITH PASSWORD 'xxxx' ; > > GRANT SELECT ON ALL KEYSPACES TO readonly; > > Then I login DevCenter with readonly account , i still can modify the > data, anyone knows why ? Many thanks. > > I set keyspace system_auth replica as 6 since i have 6 nodes. > > > Thanks > Rock > -- Dan Jatnieks Software Engineer | danj@datastax.com --047d7b624e7e4a5f2c051c96bf27 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi = Rock,

I was not able to r= eproduce this problem using C* 2.2 and DevCenter 1.4. What versions are you= using? Did you check that the DevCenter connection properties are using th= e "readonly" account and that any existing connection was closed = and re-opened? Did you get the expected result with cqlsh?

dan


On Mon, Aug 3, 2015 at 7:12 PM, rock zhang <rock@aloh= ar.com> wrote:
Hi All,

I want to create a readonly account, so i run the following command follow= ing:=C2=A0http:/= /docs.datastax.com/en/cassandra/1.2/cassandra/security/security_config_nati= ve_authenticate_t.html

CREATE=C2=A0USER read= only WITH=C2=A0PASSWORD=C2=A0'xxxx' =C2=A0;

GRANT SELECT ON ALL KEYSPACES TO readonly;

Then I login DevCente= r =C2=A0with readonly account , i still can modify the data, anyone knows w= hy ?=C2=A0 Many thanks.

I set keyspace system_auth replica as 6 since i have 6 nodes.=C2=A0<= /div>

<= div style=3D"margin:0px;font-size:11px;font-family:Menlo">
Thanks
Rock=C2=A0
=


--
=
--047d7b624e7e4a5f2c051c96bf27--