accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-894) add user and authorization information to the iterator environment or initialization
Date Fri, 18 Jul 2014 03:28:04 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065971#comment-14065971
] 

Christopher Tubbs commented on ACCUMULO-894:
--------------------------------------------

One case where this might be useful is to provide iterators the ability to filter based on
the user or some attribute of the user. For example, we could use this mechanism to filter
the metadata table, so users only see metadata for tables they have some table permission
for (read/write/etc.). Injecting the user would allow us to look up the user's permissions.

Another example might be to configure a single permanent per-table scan iterator to behave
differently, depending on whether it was being run by an application user or an actual user.

Another example might be for an iterator that does audit logging and just needs to see which
user is executing the scan.

I can think of other hypothetical examples, but mainly, I think it'd be useful just to allow
user iterators the flexibility to do novel things by giving them more information about the
scan session. I can't think of anything pressing that would warrant keeping the issue open,
though... just some vague examples that might be useful if somebody revisits this in the future.

> add user and authorization information to the iterator environment or initialization
> ------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-894
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-894
>             Project: Accumulo
>          Issue Type: New Feature
>          Components: tserver
>            Reporter: Eric Newton
>            Assignee: Keith Turner
>
> A few times we've wanted to have user-specific behavior, especially with respect to authorizations.
 Unfortunately, this information is not available within the user-level iterators during scans.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message