Re: Setting appropriate user authorizations - how and what are the best practices
On Mon, Aug 6, 2012 at 10:49 AM, John Armstrong <[EMAIL PROTECTED]> wrote:
> On 08/06/2012 10:45 AM, John Vines wrote:
>> That error occurs when a user tries to do a scan with an authorization
>> they do not have granted to them. Make sure that the user has the
>> authorizations they are trying to scan with (if this is an unintended
>> error). Otherwise, it's working as intended.
> I ran into that myself, and it's easy enough (for me) to make sure users
> only ever request authorizations they've been granted, but it did make me
> wonder why throw an exception there? Why not only apply the intersection of
> granted+requested authorizations and log a warning to note that an ungranted
> authorization was requested and ignored?
We used to intersect. But users would not get data back, and not know
why. Can't assume that a user will ever see a log message, like when
a web server is doing the scan.
Also, the silent intersection could hide data from the user that they
would want to see without them knowing it. I see the intersection
behavior as similar to a file system that returns a zero length file
when you do not have permission to read instead of an error.
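
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Accumulo code: a simplified model of cell visibility with the two scan policies side by side. The names `visible`, `scan`, `AuthorizationError`, the labels and the sample cells are all constructed for illustration.

```python
import re

class AuthorizationError(Exception):
    """Raised when a scan requests a label the user has not been granted."""

def visible(expr, auths):
    """Evaluate a simplified visibility expression: labels, &, |, parentheses."""
    tokens = re.findall(r"[A-Za-z0-9_]+|[&|()]", expr)
    pos = 0

    def term():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = expression()
            pos += 1  # consume ")"
            return value
        return tok in auths

    def expression():
        nonlocal pos
        value = term()
        while pos < len(tokens) and tokens[pos] in ("&", "|"):
            op = tokens[pos]
            pos += 1
            rhs = term()
            value = (value and rhs) if op == "&" else (value or rhs)
        return value

    return expression() if tokens else True  # empty expression: visible to all

def scan(cells, granted, requested, strict=True):
    """strict=True fails loudly; strict=False silently intersects."""
    ungranted = set(requested) - set(granted)
    if ungranted and strict:
        raise AuthorizationError(f"not granted: {sorted(ungranted)}")
    effective = set(requested) & set(granted)
    return [value for vis, value in cells if visible(vis, effective)]

# Constructed sample data: (visibility expression, value)
CELLS = [
    ("", "public note"),
    ("admin", "audit record"),
    ("admin&finance", "payroll"),
    ("(admin&finance)|ops", "budget alert"),
]
GRANTED = {"admin", "ops"}
```

Requesting `{"admin", "finance"}` with `strict=False` returns only the first two values with no indication that `finance` was dropped, while `strict=True` raises and names the ungranted label.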