I have users that I do not want them to truncate from a table in DSE, I used revoke MODIFY on ALL KEYSPACES from USER; I even used Restrict but still, the user can truncate. Is there anything I am missing ? is there any setting in Cassandra.yaml? The command I used to see all the permissions granted or revoked on a user is List all of user; or SELECT role, resource, restricted FROM system_auth.role_permissions WHERE role = 'user'; I would create a role and restrict truncation but they still ca truncate. screen shot of the list all of the user
Asked
Active
Viewed 193 times
0
-
The modify permission controls the truncation permissions, although do remember that revoke does not invalid cached credentials and permissions. Can you perform a `LIST ALL PERMISSIONS ON yourTable OF yourRoleOrUser` and include that in the question. There could be an inherited permission you are not seeing from a role. – Andrew Sep 02 '20 at 15:28
-
How can I find that out? I am restricting on a keyspace level which is the highest level and everything should inherit from it. Thank you Andrew for your help. – Turgut Sep 02 '20 at 17:09
-
The list permission command I included above – Andrew Sep 02 '20 at 18:24
-
I don't see anything that tells me or I am not understanding. There are four columns (Permission, granted, restricted, grantable) which one indicates the inherited permissions. – Turgut Sep 02 '20 at 18:32
-
TRUNCATE is the separate permission only in the DSE 6.8 – Alex Ott Sep 04 '20 at 16:57
-
How can I resolve this @AlexOtt – Turgut Sep 08 '20 at 14:31