Access Control?


Hi Experts,

I have several projects that share the same cluster. What is the best way to do access control?
I.e. a user in one group can only do query/load data on their own data?




Hi Yushu,

I believe you are asking about general access controls that most databases out there have – things like “CREATE USER” and “GRANT SELECT ON TABLE TO USER”.
Unfortunately, SciDB currently doesn’t have any of these controls. There is no notion of “database users” - a user is whoever connects to SciDB from iquery or a client. And there is no notion of array-level permissions. Everyone who’s connected to a SciDB instance will see all of the arrays and have access to all of them.

One thing you can do is create several SciDB installations on the same cluster (using different port numbers). That will just give you separate Unix processes and separate files on disk - and so it will be a lot less likely for User A to destroy or clobber User B’s work. But there will be no security. Anyone will be able to connect to any instance if they want to.

That’s the state of affairs now. As SciDB matures, there will absolutely be a set of these features added. Pretty much every database has these features. But currently our line of thought is “those permission features have been implemented many times, but let’s focus on the array-specific ops that are new, different and interesting.” That’s why we haven’t gone there yet.

We’ve just recently discussed a set of features to be included in the next release, and there’s a lot on the todo list, but this topic didn’t even come up. Do you think we should prioritize it higher? I would like to get a sense (for all different kinds of users we have) - how important this would be.

–Alex Poliakov