Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group Permissions #48

Open
faustobranco opened this issue Mar 21, 2024 · 1 comment
Open

Group Permissions #48

faustobranco opened this issue Mar 21, 2024 · 1 comment

Comments

@faustobranco
Copy link

faustobranco commented Mar 21, 2024
edited
Loading

Is it possible to work with groups? My login is part of a group, as in the example below.
The group has permissions, so any other user in the group inherits the permissions?

cassandra@cqlsh> Select * from system_auth.roles;

 role                                                                             | can_login | is_superuser | member_of | salted_hash
----------------------------------------------------------------------------------+-----------+--------------+-----------+--------------------------------------------------------------
 CN=cassandra-admins,OU=UserSecurityGroups,OU=SecurityGroups,DC=mydomain,DC=local |      True |         True |      null |                                                         null
                                                                        cassandra |      True |         True |      null | $2a$10$p.Skn4WmhbRK84Q1CgJyUuMxh907.4lJEx.OqZiczvbtyruoIzsD.
                            CN=Fausto Branco,OU=UserAccounts,DC=mydomain,DC=local |      True |        False |      null |                                                         null
                                 CN=servicedn,OU=AppAccounts,DC=mydomain,DC=local |      True |         True |      null |                                                         null



Filter: sAMAccountName=fausto.branco
requesting: (memberof=CN=cassandra-admins,OU=UserSecurityGroups,OU=SecurityGroups,DC=mydomain,DC=local)
# extended LDIF
#
# LDAPv3
# base <OU=UserAccounts,DC=mydomain,DC=local> with scope subtree
# filter: sAMAccountName=fausto.branco
# requesting: (memberof=CN=cassandra-admins,OU=UserSecurityGroups,OU=SecurityGroups,DC=mydomain,DC=local)
#

# Fausto Branco, UserAccounts, mydomain.local
dn: CN=Fausto Branco,OU=UserAccounts,DC=mydomain,DC=local

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

What version of Cassandra are you using?

Cassandra 4.0.4

What version of Cassandra LDAP are you using?

LDAP v4.0.7-1.0.0

What did you do?

I created a Role with the group I'm part of

What did you expect to see?

Permissions inherited from the group or login, as I am part of the group
@smiklosovic
Copy link
Collaborator

You can set default role a user will be assigned to by default_role_membership property as described in the readme, otherwise I do not understand your question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smiklosovic @faustobranco