I think you know this already, but I'm not 100% sure based on your
message: trying to change the labels on the data is a bad idea. If you
need to handle a case where a label means one thing on day1 and another
thing on day2, you would need to build the logic to handle that.
The only other thing I thought of is that you will have to write code
that updates your "trusted user" to have all of the authorization labels
that you might use. Even the Accumulo "superuser" must have the proper
authorizations set that you want to use.
On 9/10/18 9:40 AM, Rob Verkuylen wrote:
Hi,
I'm designing a table where the ColumnVisibility is based off of labels
within the data as it comes in. I know the formatting, but not the exact
label names and the labels change over time.
Based on the labels of the data which I can use for ColumnVisibility and
the user's access to certain labels(determined via LDAP group
memberchip) I want to use the labels as a filtering mechanism.
Questions are: Is this the best approach? Obviously this works client
side, but I want to push the filtering to the server. It seems that I
need to assign every possible label to a user, to get access to it.
Ideally I would have a trusted used with all access and the query engine
extracts the labels from the current user and uses them as authorisation
labels.
I guess this is also possible with (custom?) filtering on the server,
but this would seem the ideal use case for visibility labels with
Accumulo to me.
Thnx, Rob
