Roger that. Makes sense. Although, I find the policies with Registry a bit non-intuitive. This is a good example. If I come up with a recommendation - which might be as simple as adding or modifying the mouseover information - I'll let you know.
Thanks Bryan. On Wed, Jan 6, 2021 at 9:30 AM Bryan Bende <[email protected]> wrote: > This is expected behavior... > > Saving or pulling the flow is happening on behalf of the end user in > nifi which is being proxied by the nifi server over to registry. In > this case, the nifi server only needs proxy permissions. > > Checking the status of all the versioned PGs happens in the background > as the nifi server itself, so it needs read access to all buckets. > > On Wed, Jan 6, 2021 at 9:22 AM Mark Bean <[email protected]> wrote: > > > > I created a new bucket in NiFi Registry without making it publicly > visible. > > Then, I added myself to the policies on the bucket with Read, Write and > > Delete permissions; I did not add the Apache NiFi server to the policies. > > > > In Apache NiFi, I added a flow to the Registry. I could also pull this > flow > > from the Registry duplicating the process group in the flow. > > > > The status of the version controlled process group indicates "?" (sync > > failure). In the nifi-registry-app.log, I see a corresponding INFO > message > > indicating the Apache NiFi server "does not have permission to access the > > requested resource" where the resource is the bucket mentioned above. I > > expect this since I have not yet added the NiFi server to the policies > for > > the bucket. > > > > Is this expected behavior? > > > > I would expect that the flow could not be created in the bucket nor > pulled > > from the bucket until the NiFi server is added to the policies for the > > bucket. Yet, I was able to perform both operations. > > > > NiFi Registry, 0.8.0 > > Apache NiFi 1.11.4 > > > > Thanks, > > Mark >
