Github user jtstorck commented on the issue:
https://github.com/apache/nifi/pull/694
Regarding the concerns with the viewing data, our current implementation
looks correct. The queries for provenance events are run on each node
invidually, and each event is unique to the node on which it occurred; there is
no concept of merging a particular provenance event across nodes in the
cluster. Per node, the configured authorizer is used to check for the current
permissions for each event returned by the query. The results returned to the
client are correct based on the per-node authorizer checks performed at the
time of the query. Using the AbstractPolicyBasedAuthorizer, this case will not
occur, since the policies are forced to be in sync across the cluster. Using
any delegating authorizer, NiFi does not have control over the actual policies,
and therefore can only operate based on the decision made by the authorizer on
the particular node from which it was called.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
