[ https://issues.apache.org/jira/browse/CASSANDRA-20171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17945551#comment-17945551 ]
Francisco Guerrero commented on CASSANDRA-20171:
------------------------------------------------

Updated CI results. There are some errors but none related to this change, so I think we are good to proceed with the merge once [~maxwellguo] approves:

[^ci_summary-trunk.html]
[^ci_summary-5.0.html]
[^ci_summary-4.1.html]
[^ci_summary-4.0.html]

> Grant permission on keyspaces system_views and system_virtual_schema not possible
> ---------------------------------------------------------------------------------
>
> Key: CASSANDRA-20171
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20171
> Project: Apache Cassandra
> Issue Type: Bug
> Components: Feature/Virtual Tables
> Reporter: Tibor Repasi
> Assignee: Tibor Repasi
> Priority: Normal
> Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x
>
> Attachments: ci_summary-1.html, ci_summary-2.html, ci_summary-3.html, ci_summary-4.0.html, ci_summary-4.1.html, ci_summary-5.0.html, ci_summary-trunk.html, ci_summary.html
>
> Time Spent: 4h 50m
> Remaining Estimate: 0h
>
> Trying to grant select permission on keyspace system_views or system_virtual_schema fails with an error message stating that these resources wouldn't exist.
> {code}
> cassandra@cqlsh> CREATE ROLE test WITH PASSWORD = 'test' AND LOGIN = true AND SUPERUSER = false ;
> cassandra@cqlsh> LIST USERS ;
>  name      | super | datacenters
> -----------+-------+-------------
>  cassandra | True  | ALL
>  test      | False | ALL
> (2 rows)
> cassandra@cqlsh> GRANT SELECT PERMISSION ON KEYSPACE system TO test;
> cassandra@cqlsh> GRANT SELECT PERMISSION ON KEYSPACE system_schema TO test;
> cassandra@cqlsh> GRANT SELECT PERMISSION ON KEYSPACE system_views TO test;
> InvalidRequest: Error from server: code=2200 [Invalid query] message="Resource <keyspace system_views> doesn't exist"
> cassandra@cqlsh> GRANT SELECT PERMISSION ON KEYSPACE system_ TO test;
> system_auth system_distributed system_schema
> system_traces system_views system_virtual_schema
> cassandra@cqlsh> GRANT SELECT PERMISSION ON KEYSPACE system_virtual_schema TO test;
> InvalidRequest: Error from server: code=2200 [Invalid query] message="Resource <keyspace system_virtual_schema> doesn't exist"
> {code}
> However, the above permission can be added by updating role_permissions directly
> {code}
> cassandra@cqlsh> UPDATE system_auth.role_permissions SET permissions = permissions + {'SELECT'} WHERE role = 'test' AND resource = 'data/system_views';
> cassandra@cqlsh> LIST ALL PERMISSIONS OF test;
>  role | username | resource                 | permission
> ------+----------+--------------------------+------------
>  test | test     | <keyspace system>        | SELECT
>  test | test     | <keyspace system_schema> | SELECT
>  test | test     | <keyspace system_views>  | SELECT
> (3 rows)
> {code}
> Reading the code unveiled that {{system_schema.keyspaces}} doesn't list those two keyspaces, which causes the grant permission command to fail.