The secure_scan operator reads slices of a stored array based on user id and a preconfigured permissions array.

Synopsis

secure_scan(secured_array [ , strict: BOOLEAN ] );

Inputs

• secured_array – An array, previously created and stored in SciDB, that has a dataset dimension (see below).

• strict: BOOLEAN – When n the user has no access permission to the secured array, strict:true (the default) causes the query to abort with an "access denied" error, while strict:false returns an empty array without raising any error.

Summary

The secure_scan operator is similar to scan, but limits access to a stored array (the secured array) based on user id, as determined by a corresponding permissions array. The secured array is divided into datasets along a dataset dimension (called dataset_id by default). The secure_scan operator yields only those cells of the array with the dataset dimension values of the user's permitted datasets.

The permissions array lists the datatset_id values for the datasets that users may access. For a particular secured array, the binding to a permissions array and the name of the dataset dimension are configured by the system administrator. See https://paradigm4.atlassian.net/wiki/spaces/scidb/pages/2828831418/Configuring+The+secure_scan+Operator .

Example

Consider a secured array secured.images with schema

Each chunk of this array contains a single 1920x1080 color image.

When they call secure_scan(secured.images), users alice and bob will each see a different subset of those images, depending on which dataset_id values are prescribed for them in the permissions array.