Return-Path: X-Original-To: apmail-accumulo-user-archive@www.apache.org Delivered-To: apmail-accumulo-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5454F10AE2 for ; Mon, 30 Dec 2013 22:50:23 +0000 (UTC) Received: (qmail 95216 invoked by uid 500); 30 Dec 2013 22:50:22 -0000 Delivered-To: apmail-accumulo-user-archive@accumulo.apache.org Received: (qmail 95184 invoked by uid 500); 30 Dec 2013 22:50:22 -0000 Mailing-List: contact user-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@accumulo.apache.org Delivered-To: mailing list user@accumulo.apache.org Received: (qmail 95174 invoked by uid 99); 30 Dec 2013 22:50:22 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Dec 2013 22:50:22 +0000 Received: from localhost (HELO mail-lb0-f179.google.com) (127.0.0.1) (smtp-auth username ctubbsii, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Dec 2013 22:50:22 +0000 Received: by mail-lb0-f179.google.com with SMTP id w7so5939770lbi.10 for ; Mon, 30 Dec 2013 14:50:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=vHloDm9eZQSxNp/GT47J62lR2RhcVl3Lv0cHiyY53/4=; b=Hr1HSQwo2/rif2fopgWm162HECdiVr02l5UI5hNTmrHoPbbhGJ/uGTXY18QMKoMc3q 1pKEugHB1H1RpZKcwO2udn1cXOc7pXNCPO+U/13hWFvImA24/LlvkKIumIiHggiYwb/t MTpNzJ9MuPNyJkY2xsEQD2EB06kP9Rd5g06mHuhUdXQzhWyUyVXqZBhIDYr/JgxpGN/F eIcwyNCMfrU2RR6Y0eyDDqXpr1rAR9l/b5Mf2H8MM+7cqxqAknGuylNsk3cWDX2HNOmh HlfK+zUBXGEq7oMtiUgKKLQkKuGaYFy2ZBie+3pB7Oh3rLoR0jrA86LAgPm/u/PM7Ut3 WGjw== MIME-Version: 1.0 X-Received: by 10.152.180.66 with SMTP id dm2mr73354lac.88.1388443820332; Mon, 30 Dec 2013 14:50:20 -0800 (PST) Received: by 10.114.18.228 with HTTP; Mon, 30 Dec 2013 14:50:20 -0800 (PST) In-Reply-To: References: Date: Mon, 30 Dec 2013 17:50:20 -0500 Message-ID: Subject: Re: when a security token is compromised? From: Christopher To: user@accumulo.apache.org Content-Type: text/plain; charset=UTF-8 To be clear, Accumulo also has per-user security tokens, which are tied to the user, not the data. These are used for user authentication. Once a user is authenticated, the labels on the data are used for filtering the data for that user's authorizations. -- Christopher L Tubbs II http://gravatar.com/ctubbsii On Mon, Dec 16, 2013 at 5:02 PM, Michael Allen wrote: > You got it. :) > > > On Mon, Dec 16, 2013 at 4:56 PM, Sujee Maniyam wrote: >> >> >> On Mon, Dec 16, 2013 at 1:40 PM, Michael Allen wrote: >>> >>> Hi Sujee, I'm not exactly following you when you are talking about a >>> "security token". Are you maybe referring to the visibility labels within >>> the cell level security feature of Accumulo? >> >> >> yes, I meant the cell level 'visibility token' >> >> So I guess, that kind of answers my question :-) >> These are not super-secret tokens... just visibility levels. >> Admins grants the visibility levels per user , to control access >> >> >