Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo >> mail # user >> Setting appropriate user authorizations - how and what are the best practices


Copy link to this message
-
Re: Setting appropriate user authorizations - how and what are the best practices
On Mon, Aug 6, 2012 at 10:49 AM, John Armstrong <[EMAIL PROTECTED]> wrote:
> On 08/06/2012 10:45 AM, John Vines wrote:
>>
>> That error occurs when a user tried to do a scan with an authorization
>> they do not have granted to them. Make sure that the user has the
>> authorizations they are trying to scan with (if this is an unintended
>> error). Otherwise, it's working as intended.
>
>
> I ran into that myself, and it's easy enough (for me) to make sure users
> only ever request authorizations they've been granted, but it did make me
> wonder why throw an exception there?  Why not only apply the intersection of
> granted+requested authorizations and log a warning to note that an ungranted
> authorization was requested and ignored?

We used to intersect.  But users would not get data back, and not know
why.  Can't assume that a user will ever see a log message, like when
a webs server is doing the scan.

Also, the silent intersection could hide data from the user that they
would want to see without them knowing it.  I see the intersection
behavior as similar to a file system that returns a zero length file
when you do not have permission to read instead of an error.
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB