accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Keith Turner <>
Subject Re: Setting appropriate user authorizations - how and what are the best practices
Date Mon, 06 Aug 2012 15:02:32 GMT
On Mon, Aug 6, 2012 at 10:49 AM, John Armstrong <> wrote:
> On 08/06/2012 10:45 AM, John Vines wrote:
>> That error occurs when a user tried to do a scan with an authorization
>> they do not have granted to them. Make sure that the user has the
>> authorizations they are trying to scan with (if this is an unintended
>> error). Otherwise, it's working as intended.
> I ran into that myself, and it's easy enough (for me) to make sure users
> only ever request authorizations they've been granted, but it did make me
> wonder why throw an exception there?  Why not only apply the intersection of
> granted+requested authorizations and log a warning to note that an ungranted
> authorization was requested and ignored?

We used to intersect.  But users would not get data back, and not know
why.  Can't assume that a user will ever see a log message, like when
a webs server is doing the scan.

Also, the silent intersection could hide data from the user that they
would want to see without them knowing it.  I see the intersection
behavior as similar to a file system that returns a zero length file
when you do not have permission to read instead of an error.

View raw message