On Mon, Aug 6, 2012 at 10:49 AM, John Armstrong <[email protected]> wrote:
> On 08/06/2012 10:45 AM, John Vines wrote:
>>
>> That error occurs when a user tried to do a scan with an authorization
>> they do not have granted to them. Make sure that the user has the
>> authorizations they are trying to scan with (if this is an unintended
>> error). Otherwise, it's working as intended.
>
>
> I ran into that myself, and it's easy enough (for me) to make sure users
> only ever request authorizations they've been granted, but it did make me
> wonder why throw an exception there? Why not only apply the intersection of
> granted+requested authorizations and log a warning to note that an ungranted
> authorization was requested and ignored?

We used to intersect. But users would not get data back, and not know why. Can't assume that a user will ever see a log message, like when a web server is doing the scan. Also, the silent intersection could hide data from the user that they would want to see without them knowing it. I see the intersection behavior as similar to a file system that returns a zero-length file when you do not have permission to read instead of an error.
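
The two behaviours compared in this thread, as an added example that is not part of the original messages and is not Accumulo code. It assumes a toy in-memory table in which each cell needs one authorization token; all names and the sample data are hypothetical and constructed.

```python
# Toy model of a scan with cell-level authorizations; not Accumulo code.
# Every name below is hypothetical and the table contents are constructed.
from dataclasses import dataclass


class AuthorizationError(Exception):
    """A scan requested an authorization the user has not been granted."""


@dataclass(frozen=True)
class Cell:
    row: str
    label: str  # assumption: one token per cell, not a full expression
    value: str


TABLE = [Cell("r1", "public", "a"), Cell("r2", "finance", "b"), Cell("r3", "hr", "c")]
GRANTED = {"alice": {"public", "finance"}}


def _visible(auths):
    return [c for c in TABLE if c.label in auths]


def scan_intersect(user, requested):
    """Silent intersection: ungranted authorizations are dropped."""
    return _visible(set(requested) & GRANTED.get(user, set()))


def scan_strict(user, requested):
    """Fail closed: any ungranted authorization rejects the whole scan."""
    missing = set(requested) - GRANTED.get(user, set())
    if missing:
        raise AuthorizationError(f"{user} lacks {sorted(missing)}")
    return _visible(set(requested))


if __name__ == "__main__":
    asked = {"public", "hr"}
    # Intersection: same rows as asking for "public" alone, so the caller
    # cannot tell a hidden r3 from a table that has no r3.
    print([c.row for c in scan_intersect("alice", asked)])
    try:
        scan_strict("alice", asked)
    except AuthorizationError as err:
        print("rejected:", err)  # the caller learns why data is missing
```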
