Hi,
It sounds like we require a separate flag as to whether any given username or
role may appear in such an informative 403 message. That is, wherever we say
that X is granted access, we have an optional flag on X to say if we can
disclose its right of access to others, defaulting to false if
Totally agree it’s information leakage - that’s why I found it surprising that
this was their desired mode of operation. It works when there’s a relatively
small set of labels that get applied to data, and the labels themselves are not
all that confidential.
Adam
> On Apr 3, 2019, at 5:53 PM,
One parenthetical...
> From: "Adam Kocoloski"
>
> On a somewhat-related note, I have had conversations before with
> folks who are keen to adopt these sorts of fine-grained access
> control systems who said they actually prefer to have a 403
> Forbidden response list the set of privileges that w
I’m also in favor of dropping Scenario 3.
One topic we may have discussed in the past but I wanted to close out here: in
the relational database world it’s not uncommon to use materialized views as an
access control mechanism to selectively expose contents of a table to clients
who cannot acces
> On 2. Apr 2019, at 15:10, Adam Kocoloski wrote:
>
>
>> On Apr 2, 2019, at 8:10 AM, Jan Lehnardt wrote:
>>
>>> On 28. Mar 2019, at 12:01, Garren Smith wrote:
>>>
>>> In terms of keeping mango indexes up to date, we should be able to update
>>> all existing indexes in the same transaction