Github user JPercivall commented on the issue:
https://github.com/apache/nifi/pull/694
Hey @jtstorck, the "View the data" and "Modify the data" policies are not
being merged/properly taken into account when querying/working with provenance
events. (In both scenarios the user is a part of the "query provenance" policy)
First when a user doesn't have "Modify the data" on a component on one
node, it will correctly deny any replay requests that are of events that
originated on that node. That said, if an event that originated on another node
is submitted for replay it will succeed.
A potential problem with "View the data" comes about when one node doesn't
have the "view the data" policy but the others do and you attempt to query
provenance. As a user I would expect the most strict policy (deny) to be merged
and I would not be able to "View the data" from any node. Unfortunately the way
it works currently (I believe) is that the query gets sent to the node to vet
and it will take into account any policies and return the events. Then the
events are merged. This means that the user will be able to see events from the
allowing nodes. I'm not sure there is currently a way to merge these
properly/effectively.
@mcgilman may have more insight.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
