Matthew Clarke created NIFI-12741:
-------------------------------------

             Summary: Parameters does not work with "Access Restricted Components" - "Requiring 'access keytab'"
                 Key: NIFI-12741
                 URL: https://issues.apache.org/jira/browse/NIFI-12741
             Project: Apache NiFi
          Issue Type: Bug
            Reporter: Matthew Clarke

Parameters do not work with "Access Restricted Components" - "Requiring 'access keytab'".

Reproduction steps:
* User A has full permissions to child PG “test”
* User A creates a parameter context that is mapped to this child PG
* User A adds ConsumeKafka_2_6 processor
* Admin user creates a keytab credentials service “kerb-test” within PG “test”
* User A configures ConsumeKafka_2_6 processor, selects “kerb-test”, and clicks apply. (all works as expected)
* User A clicks on option to convert to parameter on Kerberos Credentials Service property in ConsumeKafka_2_6 processor and sets name to “kerb-test”. Property Value now reflects “#{kerb-test}”. Click APPLY and encounter exception: “Unable to modify Components requiring additional permission: access keytab. Contact the system administrator. Contact the system administrator.”

Verified parameter “kerb-test” was successfully added to parameter context on child PG “test”.

User should be able to use parameter contexts to reference keytab credentials service created on an authorized process PG. Policy should only block user from being able to create a new keytab credentials service or modify an existing keytab credentials service. Ability to select an already created keytab credentials service should be controlled via the "view the component" policy on the controller service.