Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo >> mail # user >> Setting appropriate user authorizations - how and what are the best practices


Copy link to this message
-
Re: Setting appropriate user authorizations - how and what are the best practices
On Mon, Aug 6, 2012 at 10:49 AM, John Armstrong <[EMAIL PROTECTED]> wrote:
> On 08/06/2012 10:45 AM, John Vines wrote:
>>
>> That error occurs when a user tried to do a scan with an authorization
>> they do not have granted to them. Make sure that the user has the
>> authorizations they are trying to scan with (if this is an unintended
>> error). Otherwise, it's working as intended.
>
>
> I ran into that myself, and it's easy enough (for me) to make sure users
> only ever request authorizations they've been granted, but it did make me
> wonder why throw an exception there?  Why not only apply the intersection of
> granted+requested authorizations and log a warning to note that an ungranted
> authorization was requested and ignored?

We used to intersect.  But users would not get data back, and not know
why.  Can't assume that a user will ever see a log message, like when
a webs server is doing the scan.

Also, the silent intersection could hide data from the user that they
would want to see without them knowing it.  I see the intersection
behavior as similar to a file system that returns a zero length file
when you do not have permission to read instead of an error.