Github user JPercivall commented on the issue: https://github.com/apache/nifi/pull/694

Hey @jtstorck, the "View the data" and "Modify the data" policies are not being merged/properly taken into account when querying/working with provenance events. (In both scenarios the user is a part of the "query provenance" policy.)

First, when a user doesn't have "Modify the data" on a component on one node, it will correctly deny any replay requests that are of events that originated on that node. That said, if an event that originated on another node is submitted for replay, it will succeed.

A potential problem with "View the data" comes about when one node doesn't have the "View the data" policy but the others do and you attempt to query provenance. As a user I would expect the most strict policy (deny) to be merged and I would not be able to "View the data" from any node. Unfortunately the way it works currently (I believe) is that the query gets sent to the node to vet and it will take into account any policies and return the events. Then the events are merged. This means that the user will be able to see events from the allowing nodes.

I'm not sure there is currently a way to merge these properly/effectively. @mcgilman may have more insight.
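The merge problem described in this comment, as an added example that is not part of the PR discussion and not NiFi's code: each node vets a replicated provenance query against its own "View the data" policy and the coordinator unions the replies, so a deny on one node only hides that node's events; likewise a replay check that consults only the origin node's "Modify the data" policy lets a user replay events from nodes where they do hold the permission. The `ProvenanceEvent`, `NodeResponse` and policy-dictionary shapes below are assumptions for illustration, and the two-node sample data is constructed. The `merge_most_restrictive` and `replay_allowed_cluster_wide` functions show the deny-wins behaviour the commenter expects.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed data model (an assumption for this example, not NiFi's API).


@dataclass(frozen=True)
class ProvenanceEvent:
    event_id: int
    origin_node: str      # node on which the event was recorded
    component_id: str     # component the policies are attached to


@dataclass(frozen=True)
class NodeResponse:
    node_id: str
    view_allowed: bool                      # this node's own "View the data" decision
    events: Tuple[ProvenanceEvent, ...]     # empty when the node denied


def merge_lenient(responses: List[NodeResponse]) -> List[ProvenanceEvent]:
    """Behaviour the comment describes: every node applies its own policy and the
    coordinator simply unions what came back, so a deny on node B still leaks
    events from the allowing nodes."""
    merged: List[ProvenanceEvent] = []
    for r in responses:
        merged.extend(r.events)
    return merged


def merge_most_restrictive(responses: List[NodeResponse]) -> Tuple[bool, List[ProvenanceEvent]]:
    """Deny-wins merge: if any node denied "View the data", the user sees nothing."""
    if any(not r.view_allowed for r in responses):
        return False, []
    merged: List[ProvenanceEvent] = []
    for r in responses:
        merged.extend(r.events)
    return True, merged


# policies[node][component] -> set of granted actions ("view", "modify")
Policies = Dict[str, Dict[str, Set[str]]]


def replay_allowed_origin_only(event: ProvenanceEvent, policies: Policies) -> bool:
    """Behaviour the comment describes for replay: only the origin node's
    "Modify the data" policy on the component is consulted."""
    return "modify" in policies.get(event.origin_node, {}).get(event.component_id, set())


def replay_allowed_cluster_wide(event: ProvenanceEvent, policies: Policies) -> bool:
    """Deny-wins replay check: every node in the cluster must grant
    "Modify the data" on the component, wherever the event originated."""
    return all("modify" in node_pol.get(event.component_id, set())
               for node_pol in policies.values())


# Constructed sample: two-node cluster, the user holds no permissions on node-b.
EVENTS_A = (ProvenanceEvent(1, "node-a", "proc-1"), ProvenanceEvent(2, "node-a", "proc-1"))
EVENTS_B = (ProvenanceEvent(3, "node-b", "proc-1"),)

POLICIES: Policies = {
    "node-a": {"proc-1": {"view", "modify"}},
    "node-b": {"proc-1": set()},
}

RESPONSES = [
    NodeResponse("node-a", True, EVENTS_A),
    NodeResponse("node-b", False, ()),   # node-b denied and returned nothing
]

if __name__ == "__main__":
    print("lenient merge:", [e.event_id for e in merge_lenient(RESPONSES)])        # [1, 2]
    print("deny-wins merge:", merge_most_restrictive(RESPONSES))                     # (False, [])
    ev = EVENTS_A[0]
    print("replay, origin-only check:", replay_allowed_origin_only(ev, POLICIES))    # True
    print("replay, cluster-wide check:", replay_allowed_cluster_wide(ev, POLICIES))  # False
```

The lenient merge cannot be repaired at the coordinator by inspecting events alone, because a denying node returns an empty reply that is indistinguishable from "no matching events"; the deny-wins variant works only because each node's authorization decision travels back with its data.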