Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
Accumulo >> mail # user >> hierarchical authorizations?


Copy link to this message
-
hierarchical authorizations?
Hi, I'm evaluating accumulo for a project where we'll need to secure the
data based on hierarchical authorizations, using the CAPCO security
guidelines.

I have the authorizations U, C, S, and TS, and my data only has one of
these (not multiples).

I need to allow a user with a U to only see U data.  That's easy enough.
 But a user with C should be able to see both U and C.  A user with S
should be able to see U, C, and S, and a TS user should be able to see them
all.

Can I set these rules up globally, (like I can with Oracle Label Security)?
 Or do I need to explicitly grant U,C to the C user, U,C,S to the S user,
and U,C,S,TS to the TS user?

--
Regards,
Kevin Pauli
+
Josh Elser 2012-12-27, 19:21
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB