accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher <>
Subject Re: Custom authorisation
Date Mon, 11 Jun 2018 22:14:46 GMT
Yes, that's certainly one option. You could develop a Query Service Layer
which wraps Accumulo's API, implements its own authorization policy, and
then uses a singular set of credentials to authenticate to Accumulo.

Personally, I call this the "Database User" approach, since it is a common
strategy when using traditional relational databases where a set of
database credentials are stored in an application's own configuration
somewhere, and the application implements its own security policies within
the application which are separate from the database credentials.

Another option is to make use of Accumulo's "pluggable" Authentication and
Authorization interfaces and to provide your own implementation on your
class path. See:

Note: this is an advanced feature, and it may require substantial
investment to develop and maintain a secure implementation suitable for
your situation.

On Thu, May 24, 2018 at 11:36 AM mhd wrk <> wrote:

> Hi,
> What are the best practices for Accumulo to implement a custom
> authorisation module where user authorisations assigned dynamically based
> on different attributes like time, location and ...
> Is implementing "Query Services Layer
> <>"
> recommended for power users who access Accumulo for large data analysis via
> clients like Spark?
> Thanks,
> Mohammad

View raw message