Stefan Miklosovic created CASSANDRA-21059:
---------------------------------------------
Summary: granting a permission to a role and revoking that
permission from role by that role results in a failure
Key: CASSANDRA-21059
URL: https://issues.apache.org/jira/browse/CASSANDRA-21059
Project: Apache Cassandra
Issue Type: Bug
Components: Legacy/CQL
Reporter: Stefan Miklosovic
{code}
cassandra@cqlsh> GRANT ALTER PERMISSION ON ROLE stefan TO stefan;
cassandra@cqlsh> exit
$ ./bin/cqlsh -u stefan -p defff
stefan@cqlsh> REVOKE ALTER PERMISSION ON ROLE stefan FROM stefan;
Unauthorized: Error from server: code=2100 [Unauthorized] message="User stefan
has no AUTHORIZE permission on <role stefan> or any of its parents"
{code}
Okay, while strange, not sure if this is a bug; I can assign AUTHORIZE:
{code}
cassandra@cqlsh> GRANT AUTHORIZE PERMISSION ON ROLE stefan TO stefan;
stefan@cqlsh> REVOKE ALTER PERMISSION ON ROLE stefan FROM stefan;
-- this now passes
{code}
However, I would expect that when I revoke ALTER permission on a role from that
role, then that role will not be able to alter itself, right? Pretty logical
... but that is not the case! A user can alter itself even if it does not have
ALTER permission on itself.