[jira] [Commented] (NIFI-2695) Access Denied messages should include more information

Thu, 08 Dec 2016 08:31:24 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-2695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15732657#comment-15732657
 ] 

ASF GitHub Bot commented on NIFI-2695:
--------------------------------------

GitHub user mcgilman opened a pull request:

    https://github.com/apache/nifi/pull/1309

    NIFI-2695: Provide more meaningful authorization error messages

    NIFI-2695:
    - Providing more granular and meaningful authorization error messages.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mcgilman/nifi NIFI-2695

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/1309.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1309
    
----
commit eed61568c305cac5c29a989cbcf538ec526a6411
Author: Matt Gilman <[email protected]>
Date:   2016-12-08T16:29:32Z

    NIFI-2695:
    - Providing more granular and meaningful authorization error messages.

----


> Access Denied messages should include more information
> ------------------------------------------------------
>
>                 Key: NIFI-2695
>                 URL: https://issues.apache.org/jira/browse/NIFI-2695
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Core UI
>            Reporter: Jeff Storck
>            Assignee: Matt Gilman
>            Priority: Minor
>             Fix For: 1.2.0
>
>
> Access Denied errors should provide more information than just the statement 
> that access has been denied.  At a minimum, the component types (controller 
> service, processor, process group, etc) and IDs for which access was denied 
> should be provided in the message.
> For example, if the user is attempting to create a template that includes a 
> child process group that has a controller service for which the user does not 
> have read access, the request to create the template will be denied, and the 
> user will be informed that it was denied.  While this is correct, the user 
> (and perhaps the admin) does not have a clear indication of which component 
> involved in the request caused the request to be denied.
> If the component types and IDs (ie "Process Group 123456789") are shown in 
> the error message (and logs), the user (and admin) have direct information to 
> use to solve any policy changes that might need to be made to allow the 
> user's request to complete successfully.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to