Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1247#discussion_r88792735
--- Diff: nifi-docs/src/main/asciidoc/developer-guide.adoc ---
@@ -565,6 +565,23 @@ for instance, they should not be
relied upon for critical business logic.
+[[restricted]]
+=== Restricted
+
+A Restricted component is one that can be used to execute arbitrary
unsanitized code provided by the operator
+through the NiFi REST API/UI or can be used to obtain or alter data on the
NiFi host system using the NiFi OS
+credentials. These components could be used by an otherwise authorized
NiFi user to go beyond the intended use of
+the application, escalate privilege, or could expose data about the
internals of the NiFi process or the host
+system. All of these capabilities should be considered privileged, and
admins should be aware of these
+capabilities and explicitly enable them for a subset of trusted users.
+
+A Processor, Controller Service, or Reporting Task can be marked with the
@Restricted annotation. This
--- End diff --
Maybe indicate `@Restricted` in code-formatting for consistency throughout
document?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
