Return-Path: X-Original-To: apmail-accumulo-dev-archive@www.apache.org Delivered-To: apmail-accumulo-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3A827D36E for ; Mon, 6 Aug 2012 16:59:03 +0000 (UTC) Received: (qmail 81351 invoked by uid 500); 6 Aug 2012 16:59:03 -0000 Delivered-To: apmail-accumulo-dev-archive@accumulo.apache.org Received: (qmail 81310 invoked by uid 500); 6 Aug 2012 16:59:03 -0000 Mailing-List: contact dev-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list dev@accumulo.apache.org Received: (qmail 81297 invoked by uid 99); 6 Aug 2012 16:59:03 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Aug 2012 16:59:03 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id A3CD414052D for ; Mon, 6 Aug 2012 16:59:02 +0000 (UTC) Date: Mon, 6 Aug 2012 16:59:02 +0000 (UTC) From: "Keith Turner (JIRA)" To: dev@accumulo.apache.org Message-ID: <888333194.17373.1344272342673.JavaMail.jiratomcat@issues-vm> Subject: [jira] [Commented] (ACCUMULO-246) Improve scan authorizations behavior MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ACCUMULO-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429261#comment-13429261 ] Keith Turner commented on ACCUMULO-246: --------------------------------------- bq. Correction - I am proposing four levels for unauthorized scan: SILENT, WARN, ERROR, LOCK. That interesting, and very different from what I was thinking. Those four level imply a table level configuration, which implies a user having permission to set that configuration. I was thinking of a scanner configuration that a user could set to either silently intersect or error. It would default to the current behavior or erroring. > Improve scan authorizations behavior > ------------------------------------ > > Key: ACCUMULO-246 > URL: https://issues.apache.org/jira/browse/ACCUMULO-246 > Project: Accumulo > Issue Type: Task > Components: client > Reporter: Billie Rinaldi > Labels: authorization, scan > Fix For: 1.5.0 > > > When a user creates a scanner a set of Authorizations is passed. If the authorizations passed to the scanner are not a subset of the user's authorizations, then an exception is thrown. An alternative would be to intersect the set of scan authorizations with the user's authorizations. Many users have had trouble understanding the "silent intersection" behavior, which resulted in switching to throwing an Exception. However, in situations where the user's authorizations are lazily updated, and for very long running scans, intersection would be preferable. Possible fixes are 1) adding a flag to indicate whether to intersect or throw an exception or 2) making it easier for the user to perform the intersection manually (which would fix some issues, but not the long-running scans). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira