Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[docs] Document that YCQL role is given full permissions on objects it creates #2374

Closed
jameshartig opened this issue Sep 19, 2019 · 1 comment
Assignees
Labels
area/documentation Documentation needed area/ycql Yugabyte CQL (YCQL) community/request Issues created by external users

Comments

@jameshartig
Copy link
Contributor

When a role creates a keyspace it is given full permissions: ['ALTER', 'AUTHORIZE', 'CREATE', 'DROP', 'MODIFY', 'SELECT'] on that keyspace. That's not documented anywhere on the docs sites as far as I can tell and was originally confusing to me since I didn't give the role any other permissions besides CREATE.

@kmuthukk kmuthukk added the area/documentation Documentation needed label Sep 19, 2019
@yugabyte-ci yugabyte-ci added community/request Issues created by external users and removed area/documentation Documentation needed labels Sep 19, 2019
@bmatican bmatican assigned m-iancu and unassigned hectorgcr Oct 2, 2020
@bmatican bmatican added area/documentation Documentation needed area/ycql Yugabyte CQL (YCQL) labels Oct 2, 2020
@stevebang stevebang assigned ddorian and unassigned stevebang Oct 26, 2020
@stevebang stevebang changed the title [docs][YCQL] Document that role is given full permissions on objects it creates [docs]Document that YCQL role is given full permissions on objects it creates Oct 26, 2020
@stevebang stevebang changed the title [docs]Document that YCQL role is given full permissions on objects it creates [docs] Document that YCQL role is given full permissions on objects it creates Oct 26, 2020
@ddorian
Copy link
Contributor

ddorian commented Nov 2, 2020

This is mentioned in https://docs.yugabyte.com/latest/api/ycql/ddl_grant_permission/:

When a database object is created (keyspace, table, or role), an automatic and explicit grant of all the permissions relevant to the object are granted to the role creating it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/documentation Documentation needed area/ycql Yugabyte CQL (YCQL) community/request Issues created by external users
Projects
None yet
Development

No branches or pull requests

8 participants