I think you will probably want to create a middle-layer between the user and Accumulo, to satisfy that use case. The middle layer can have its own authorizations, and will perform the scan operation on behalf of the user, checking its authorizations only when a new scan is submitted.
On Fri, Aug 16, 2019 at 2:00 PM Tianlai Dong <[email protected]> wrote: > > Hi, > > I am trying to figure out a solution for the following use case: > > A user starts a table scan and user authorizations change before the scan is > finished. The user is able to finish the scan with the authorizations that > are valid at the time the scan is initiated. > > I am using Accumulo 1.7.2 and did a test for the use case with Accumulo > shell. I got BAD AUTHORIZATIONS error when the authorizations change, which > is expected. > > I think what I need is to capture and store user authorizations for each > scan. But I am not sure how I should configure Accumulo to differentiate > different scans and query for the corresponding authorizations. > Am I on the right track? > > Thanks, > Tianlai
