Return-Path: 
 <accumulo-user-return-120-apmail-incubator-accumulo-user-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-accumulo-user-archive@minotaur.apache.org
Delivered-To: apmail-incubator-accumulo-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 49D4693AA
	for <apmail-incubator-accumulo-user-archive@minotaur.apache.org>;
 Fri, 16 Dec 2011 14:24:31 +0000 (UTC)
Received: (qmail 45446 invoked by uid 500); 16 Dec 2011 14:24:31 -0000
Delivered-To: apmail-incubator-accumulo-user-archive@incubator.apache.org
Received: (qmail 45415 invoked by uid 500); 16 Dec 2011 14:24:31 -0000
Mailing-List: contact accumulo-user-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:accumulo-user-help@incubator.apache.org>
List-Unsubscribe: <mailto:accumulo-user-unsubscribe@incubator.apache.org>
List-Post: <mailto:accumulo-user@incubator.apache.org>
List-Id: <accumulo-user.incubator.apache.org>
Reply-To: accumulo-user@incubator.apache.org
Delivered-To: mailing list accumulo-user@incubator.apache.org
Received: (qmail 45316 invoked by uid 99); 16 Dec 2011 14:24:31 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Dec 2011 14:24:31 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [209.85.161.175] (HELO mail-gx0-f175.google.com)
 (209.85.161.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Dec 2011 14:24:21 +0000
Received: by ggnh1 with SMTP id h1so2911047ggn.6
        for <accumulo-user@incubator.apache.org>;
 Fri, 16 Dec 2011 06:24:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=lyrically.net; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        bh=2hlRiHh4kCIjfJAJnGJWC9v1cWQtAkwwZ/kyH/WSY+U=;
        b=cM1LOGIElztz0oNlDhzgQxzXQCZdtOKIMZ+RQhyARdM4HqhAUg1TavRn7H7zSvF81p
         7kPjwcwf+Zc6oU/b7FzKNGExT5bvWYwGJpu+Yg6mBA7rq+G+hu5eIsHyx5KgG7RhP4/v
         xDzlz+TxRbEHoi1E+fb7Yuj1hCBwk8TzTSRXU=
Received: by 10.182.111.7 with SMTP id ie7mr4093233obb.4.1324045440147; Fri,
 16 Dec 2011 06:24:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.85.105 with HTTP; Fri, 16 Dec 2011 06:23:39 -0800 (PST)
In-Reply-To: 
 <35302348.119380.1324045132333.JavaMail.root@linzimmb04o.imo.intelink.gov>
References: 
 <CAC5i+BnrVEngiVGzuMZKbfz6CnaakGuqw0f8mHgJaKtekKofrA@mail.gmail.com>
 <35302348.119380.1324045132333.JavaMail.root@linzimmb04o.imo.intelink.gov>
From: John Stoneham <lyric@lyrically.net>
Date: Fri, 16 Dec 2011 09:23:39 -0500
Message-ID: 
 <CAC5i+BntGgjWCzsKCD3W9p0Q985uvq0pPFA7LP7rcNiT7U5quA@mail.gmail.com>
Subject: Re: Passing scan authorizations that exceed the Accumulo user's
 authorizations
To: accumulo-user@incubator.apache.org
Content-Type: multipart/alternative; boundary=14dae9399835205f4904b4365a2d
X-Virus-Checked: Checked by ClamAV on apache.org

--14dae9399835205f4904b4365a2d
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Dec 16, 2011 at 9:18 AM, Billie J Rinaldi <billie.j.rinaldi@ugov.gov
> wrote:

> It sounds like you always want to scan with all the authorizations your
> user has.  In that case, you don't need a list of all possible
> authorizations to pass in -- just pass in the user's actual authorizations,
> which can be retrieved with
> connector.securityOperations().getUserAuthorizations(user).
>

Currently, I want to scan using the intersection of my (human) user's
authorizations and the Accumulo (application) user's authorizations. What
you've listed is the call I'm using to get the Accumulo user's
authorizations. But if my user were to have an authorization that, for some
reason, had been removed from the Accumulo user, or that was available on
one deployment or cluster but not on another, I'd have a problem unless I
performed this intersection in the application.

-- 
John Stoneham
lyric@lyrically.net

--14dae9399835205f4904b4365a2d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div class=3D"gmail_quote">On Fri, Dec 16, 2011 at 9:18 AM, Billie J Rinald=
i <span dir=3D"ltr">&lt;<a href=3D"mailto:billie.j.rinaldi@ugov.gov">billie=
.j.rinaldi@ugov.gov</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quo=
te" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"=
>

<div class=3D"im">It sounds like you always want to scan with all the autho=
rizations your user has. =A0In that case, you don&#39;t need a list of all =
possible authorizations to pass in -- just pass in the user&#39;s actual au=
thorizations, which can be retrieved with</div>


connector.securityOperations().getUserAuthorizations(user).<span class=3D"H=
OEnZb"><font color=3D"#888888"><br></font></span></blockquote><div><br></di=
v><div>Currently, I want to scan using the intersection of my (human) user&=
#39;s authorizations and the Accumulo (application) user&#39;s authorizatio=
ns. What you&#39;ve listed is the call I&#39;m using to get the Accumulo us=
er&#39;s authorizations. But if my user were to have an authorization that,=
 for some reason, had been removed from the Accumulo user, or that was avai=
lable on one deployment or cluster but not on another, I&#39;d have a probl=
em unless I performed this intersection in the application.</div>

</div><div><br></div>-- <br>John Stoneham<br><a href=3D"mailto:lyric@lyrica=
lly.net">lyric@lyrically.net</a><br>

--14dae9399835205f4904b4365a2d--