On Mon, Feb 16, 2015 at 7:26 PM, Srikanth Viswanathan <[email protected]> wrote: [snip]
> I will try to summarize my updated understanding of the issue based on > your replies: > [snip] Do let me know if my observation above has any inaccuracies. > > Seems reasonable. > As a side note, it did help me a lot to think about visibilities as > *data classifications* rather than visibilities, considering that > there are so many similar-sounding terms in the Accumulo security > model (authentication, permissions, authorization, ...) > > [snip] Not trying to confuse this point any further, but I think of the table/system permissions as coarse-grained RBAC, and the visibilities (data classifications) as either ABAC or fine-grained RBAC, depending on your data model. It sounds like using them as RBAC is perfectly reasonable for your situation. -- Christopher L Tubbs II http://gravatar.com/ctubbsii
