[
https://issues.apache.org/jira/browse/NIFI-2696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15446774#comment-15446774
]
Joseph Witt commented on NIFI-2696:
-----------------------------------
i believe only the uuid should be provided and while I recognize that is less
awesome for the user being denied it also ensure we're not releasing more
information than we intend to.
Or by component type did you mean "You do not have access to controller service
with id 8675309"?
I was originally thinking you meant "You do not have access to 'My SSL Context
Controller Service' with id 8675309".
> Access Denied messages should include more information
> ------------------------------------------------------
>
> Key: NIFI-2696
> URL: https://issues.apache.org/jira/browse/NIFI-2696
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Core UI
> Reporter: Jeff Storck
> Priority: Minor
> Fix For: 1.1.0
>
>
> Access Denied errors should provide more information than just the statement
> that access has been denied. At a minimum, the component types and IDs for
> which access was denied should be provided in the message.
> For example, if the user is attempting to create a template that includes a
> child process group that has a controller service for which the user does not
> have read access, the request to create the template will be denied, and the
> user will be informed that it was denied. While this is correct, the user
> (and perhaps the admin) does not have a clear indication of which component
> involved in the request caused the request to be denied.
> If the component types and IDs are shown in the error message (and logs), the
> user (and admin) have direct information to use to solve any policy changes
> that might need to be made to allow the user's request to complete
> successfully.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
