accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <>
Subject Re: "NOT" operator in visibility string
Date Mon, 10 Mar 2014 15:21:10 GMT
On 3/10/14, 11:00 AM, Philip A Grim II wrote:
> Josh Elser said:
> <snip>
> Second, the functionality is already present by the lack of providing
> the label which you want to negate. Categorizing data into static labels
> tends to be more manageable over using many roles. While enumerating the
> inverse of a negation is possible, it is valid that the marking may be
> much larger on disk than a representation using a negation.
> </snip>
> I’m having trouble with this – perhaps I’m not thinking of it the right way.
> How would you handle mutual exclusivity?  So, say I have a cell that I
> can mark M or F.  If it’s M, people with M can see it.  If it’s F,
> people with F can see it.  But people with M&F can see it either way,
> and I don’t want that.  If it’s marked F, I don’t want people with M
> seeing it.  So (F&!M) makes sense to denote that.

This is a bit of an edge case here. An example of what I was thinking about:

Say that your authorizations are job roles, e.g. "doctor", 
"receptionist", "mailman". You want to store a record that anyone but 
doctors can see. With negation support you could do the following:


But without negation, you're stuck enumerating every other role:


> Lacking that, the only way I can see to implement what I want is somehow in application
> business logic to make sure nobody gets assigned M and F at the same
> time…which breaks the model of letting Accumulo enforce visibility.
> Am I missing something?

I don't agree with you that your example "breaks the model" of 
visibilities. Accumulo has never made any assertions that it will apply 
application logic for you -- that's completely in the user's ballpark.

Typically, an assertion of "secure data" with Accumulo is a vetting of 
both the application's code and how Accumulo is used. In other words, 
the way you use Accumulo is also important. In your example, it is up to 
the application to enforce such application logic (seeing that no entity 
can be both M and F at the same time).

That being said, the Accumulo Authorizor interface may be of some use to 
you in validating that a user has valid Authorizations.

View raw message