[
https://issues.apache.org/jira/browse/NIFI-7884?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-7884:
-----------------------------------
Status: Patch Available (was: In Progress)
> Separate "read-filesystem" restricted permission into local file system and
> HDFS file system permissions
> --------------------------------------------------------------------------------------------------------
>
> Key: NIFI-7884
> URL: https://issues.apache.org/jira/browse/NIFI-7884
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Extensions
> Affects Versions: 1.12.1
> Reporter: Andy LoPresto
> Assignee: David Handermann
> Priority: Major
> Labels: file-system, hdfs, restricted, security
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Currently the {{read-filesystem}} value for {{RequiredPermission}} is used
> for both the processors which read directly from the local file system of the
> machine hosting NiFi ({{GetFile}}, {{ListFile}}, etc.) and the processors
> which read from external file systems like HDFS ({{GetHDFS}}, {{PutHDFS}},
> etc.). There are use cases where NiFi users should be able to interact with
> the HDFS file system without having permissions to access the local file
> system.
> This will also require introducing a global setting in {{nifi.properties}}
> that an admin can set to allow local file system access via the HDFS
> processors (default {{true}} for backward compatibility), and additional
> validation logic in the HDFS processors (ideally the abstract shared logic)
> to ensure that if this setting is disabled, the HDFS processors are not
> accessing the local file system via the {{file:///}} protocol in their
> configuration.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
