[
https://issues.apache.org/jira/browse/NIFI-1733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15391976#comment-15391976
]
ASF GitHub Bot commented on NIFI-1733:
--------------------------------------
Github user bbende commented on the issue:
https://github.com/apache/nifi/pull/574
@YolandaMDavis thanks for reviewing! Working on some changes based on your
feedback.
Regarding the need for RangerBasePluginWithPolicies... unfortunately the
PolicyEngine is a private member variable of RangerBasePlugin and there is no
getter for it, so no way to access it. I think most other plugins would never
need to, but for NiFi we need to know if the reason for denying access was
because no policy exists for the resource, or because a specific policy exists
that doesn't match the incoming request.
So the best I could come up with was to intercept when the policies are
refreshed and store the resource ids so that when RangerAccessResult
getIsAllowed() returns false we can then do a second check to see if there was
even a policy for the given resource, and if not then return resource not
found, rather than denied.
> Create Authorizer implementation that uses Apache Ranger
> --------------------------------------------------------
>
> Key: NIFI-1733
> URL: https://issues.apache.org/jira/browse/NIFI-1733
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Minor
> Fix For: 1.0.0
>
>
> In NIFI-1552 we defined a new Authorizer API for 1.0.0.
> In addition to the standard file-based Authorizer, we should provide an
> Authorizer implementation that uses Apache Ranger.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
