This is the code that scans use to filter based on column visibility and authorizations. It has a cache of previously seen column visibilities and the decision that was made for those.
https://github.com/apache/accumulo/blob/2e171cdb8420f817ff9ebeb23f9d8a70b0878ca5/core/src/main/java/org/apache/accumulo/core/iterators/system/VisibilityFilter.java The following code does the evaluation. https://github.com/apache/accumulo/blob/f81a8ec7410e789d11941351d5899b8894c6a322/core/src/main/java/org/apache/accumulo/core/security/VisibilityEvaluator.java On Fri, Mar 23, 2018 at 1:10 PM, Michael Ladakos <mdlada...@gmail.com> wrote: > > ---------- Forwarded message ---------- > From: Michael Ladakos <mdlada...@gmail.com> > Date: Fri, Mar 23, 2018 at 12:32 PM > Subject: Large numbers of authorizations > To: user@accumulo.apache.org > > > I am somewhat new to Accumulo and was doing some experimentation on > consequences for using large numbers of authorizations. > > I found that a user with a large set of authorizations would take a great > deal of time to perform a scan. I tested at various increments up to 100,000 > authorizations. At that point, it would take at least 25 seconds to perform > the scan, even if the table was newly created with no rows. > > Performing a scan with a small subset of authorizations is equivalent to > performing a query with a user that only has a small number of > authorizations. > > I attempted to find the place in the code where whatever is being done, > because I wanted to understand what caused this, but I wasn't able to track > down the exact class. Any chance I could get an explanation or pointed in > the right direction? > > Thanks! >
