tpalfy commented on PR #8475: URL: https://github.com/apache/nifi/pull/8475#issuecomment-1979418892
> @tpalfy Thanks for the quick turnaround. How would the client know if a user has read access permission to a component? By checking all those field returns on each violation and implicitly determining based on all those fields' values being `null`? I think a better approach would be to include `permissions.canRead` or some other explicit property in the response data model like we do elsewhere. > > cc @mcgilman Check `result.subjectPermission.canRead` on client side and hide/discard the result when false is a good approach. As far as UX goes, that would work without this PR. This PR is needed to make sure that unauthorized data isn't even received by the client at all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org