accumulo-dev mailing list archives

From Josh Elser
Subject Re: "NOT" operator in visibility string
Date Mon, 10 Mar 2014 17:14:07 GMT
>>> > >
>>> > >This seems very complicated and easy for users to get wrong.
>>> > >
>>> > >
>> >
>> >I agree that this is adding a significant amount of complexity. One option
>> >would be to annotate NOT as advisory, or to specify in the docs that it'd
>> >be up to the application layer to enforce the inclusion of the minimal set.
>> >(then again, that leaves even more room for erroneous implementations)
>> >
> If we are going to do it, I think we should try to come up with a design
> that solves end-to-end use cases. The not op seems useful but also
> dangerous, there is a real possibility of unintended data leakage.  A
> minimal authorization set is a solution.  Are there other solutions? Ones
> that better translate a user's intent into constraints in the system.

Another snippet from HBase writeups that caught my eye was the idea of 
supporting both read and write visibilities. What we have right now is 
read, with a bit of write visibilities (using the VisibilityConstraint). 
The downside is that you can't let someone read data without writing to it.

That might be something else to consider as I can see it being a common 
use-case. (although it might merit its own line of work completely)
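
The leakage risk discussed in this thread, as an added example that is not part of the original message or of Accumulo's code: a toy evaluator with a hypothetical `!` operator, showing that a scan made with only a subset of a user's authorizations reads a cell the full set would hide, and that requiring a minimal authorization set refuses that scan. The function names, the labels, the sample cells and the `minimal` parameter are assumptions made for illustration.

```python
import re

def evaluate(expr, auths):
    """True if a reader holding `auths` may see a cell labelled `expr`.
    Toy grammar: labels, &, |, !, parentheses; & and | apply left to right."""
    tokens = re.findall(r"\w+|[&|!()]", expr)
    if "".join(tokens) != re.sub(r"\s+", "", expr):
        raise ValueError("unsupported character in expression")
    pos = 0

    def take():
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else None
        pos += 1
        return tok

    def term():
        tok = take()
        if tok == "!":  # hypothetical NOT operator
            return not term()
        if tok == "(":
            value = expression()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok is None or tok in ("&", "|", ")"):
            raise ValueError("expected a label")
        return tok in auths

    def expression():
        value = term()
        while pos < len(tokens) and tokens[pos] in ("&", "|"):
            op = take()
            rhs = term()  # always parse the right side before combining
            value = (value and rhs) if op == "&" else (value or rhs)
        return value

    result = expression()
    if pos != len(tokens):
        raise ValueError("trailing tokens")
    return result

def scan(cells, auths, minimal=frozenset()):
    """Values readable with `auths`; refuse scans that omit a label in `minimal`."""
    missing = set(minimal) - set(auths)
    if missing:
        raise PermissionError(f"scan must include: {sorted(missing)}")
    return [value for label, value in cells if evaluate(label, auths)]

# Constructed sample data: the second cell is meant to be hidden from contractors.
CELLS = [("public", "menu"), ("staff&!contractor", "salary bands")]
```

Without NOT, dropping an authorization can only shrink what a scan returns; with it, a user holding `contractor` gains the second cell by leaving that label out of the scan, which is why the minimal set has to be enforced wherever the scan's authorizations are chosen.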
