Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1247
The issues with cleaning the content_repository were local to my machine. I
resolved those with @markap14 's help. Now I set up two client certificates and
two user identities -- myself and "Matt". We have the same permissions except
that Andy can add restricted components and Matt cannot.
I then began adding components while logged in as Andy and Matt in separate
windows. Andy was able to add and modify *restricted* components, while Matt
was not.
<img width="1920" alt="Side by side canvases as different users"
src="https://cloud.githubusercontent.com/assets/798465/20460020/ac5564c8-ae8a-11e6-94c0-52e278122c15.png";>
I really like the small shield icon in the Add Processor dialog which has
hover text explaining the restriction.
I think we can do more to indicate the restrictions, however. In the Add
Processor dialog, I think it makes sense to put a textual indicator in the
description area at the bottom above the processor description -- perhaps red
text saying "Restricted Processor". I also think we should update the
restricted processors with a *Restricted* tag so they can be quickly enumerated
from the tag cloud or search field. I should be able to type "restr..." and see
a list of all the restricted processors.
I also think it makes sense to show the shield icon (I was originally going
to suggest a lock icon but I do like the shield) on processors that are already
on the canvas. I think this will also help users who have a processor which we
have now decided is restricted already on their canvas and they suddenly do not
have access to it because of the new policy enforcement.
I am willing to +1 and merge this (I made one small checkstyle correction
in `ITProcessorAccessControl.java` in Javadoc to resolve an issue), but would
like to hear from @mcgilman how much work would be involved in addressing the
minor suggestions I made above. They could be separated into a new enhancement
Jira if necessary, pending release vote timing, as I think the current work
does meet what was discussed in the original Jira.
Thanks Matt.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
![https://cloud.githubusercontent.com/assets/798465/20460020/ac5564c8-ae8a-11e6-94c0-52e278122c15.png"](https://cloud.githubusercontent.com/assets/798465/20460020/ac5564c8-ae8a-11e6-94c0-52e278122c15.png"){kind=link}
