Matthew Clarke created NIFI-12741:
-------------------------------------
Summary: Parameters does not work with "Access Restricted
Components" - "Requiring 'access keytab'"
Key: NIFI-12741
URL: https://issues.apache.org/jira/browse/NIFI-12741
Project: Apache NiFi
Issue Type: Bug
Reporter: Matthew Clarke
Parameters does not work with "Access Restricted Components" - "Requiring
'access keytab'".
Reproduction steps:
* User A has full permissions to child PG “test”
* User A creates a parameter context that is mapped to this child PG
* User A adds ConsumeKafka_2_6 processor
* Admin user creates a keytab credentials service “kerb-test” within PG “test”
* User A configures ConsumeKafKa_2_6 processor, selects “kerb-test”, and clicks
apply. (all works as expected)
* User A clicks on option to convert to parameter on Kerberos Credentials
Service property in ConsumeKafla_2_6 processor and sets name to “kerb-test”.
Property Value now reflects “#{kerb-test}. Click APPLY and encounter
exception: “Unable to modify Components requiring additional permission: access
keytab. Contact the system administrator. Contact the system administrator.”
Verified parameter “kerb-test” was successfully added to parameter context on
child PG “test”
User should be able to use parameter contexts to reference keytab credentials
service created on an authorized process PG. Policy should only block user from
being able to create a new keytab credentials service or modify an existing
keytab credentials service. Ability to select an already created keytab
credentials service shoudl be controlled by authorized via "view the component"
policy on the controller service.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
