Hi Andy, Thanks for your reply. I don’t recall seeing the modify data policy in the user interface. Is it possible this is something I would have to change at the back end?
I don’t have the system in front of me now, will have to confirm tomorrow. Regards, Phil On Thu, 4 Jun 2020 at 11:18, Andy LoPresto <[email protected]> wrote: > Hi Phil, > > You might have uncovered a gap in the permission policy. Have you tried > using the “modify the data” permission [1]? If a user does not have write > permission to the queue, I think they can empty it but not modify/delete > the queue itself. > > I am speculating here because I haven’t had a chance to verify, but I > suspect that the same write permission which allows a user to clear the > queue would allow them to delete it as well. This may be something we could > mitigate by using the “operate” permission, but I would have to validate > this behavior first. > > Hope this helps for now. > > [1] > https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policies > > Andy LoPresto > [email protected] > [email protected] > He/Him > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > > On Jun 3, 2020, at 4:08 PM, Phil H <[email protected]> wrote: > > > > Hi there, > > > > I am trying to stratify my userbase. I need to allow certain users/groups > > the ability to clear queues, but cannot find the right policy to allow > that > > without also allowing them to delete queues, which I absolutely don’t > want > > to do. > > > > Am currently using 1.9.2 (putting off the upgrade process!) > > > > Regards, > > Phil > >
