[ 
https://issues.apache.org/jira/browse/NIFI-12741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17869936#comment-17869936
 ] 

ASF subversion and git services commented on NIFI-12741:
--------------------------------------------------------

Commit 5fbfb0eaf14f14ed106dcbf9a8464c4bf41cee82 in nifi's branch 
refs/heads/support/nifi-1.x from David Szabo
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=5fbfb0eaf1 ]

NIFI-12741 - Remove write permission requirement for the referenced controller 
service when changing component property referencing a controller service 
through parameter

This closes #9093.

Signed-off-by: Tamas Palfy <[email protected]>


> Parameters does not work with "Access Restricted Components" - "Requiring 
> 'access keytab'"
> ------------------------------------------------------------------------------------------
>
>                 Key: NIFI-12741
>                 URL: https://issues.apache.org/jira/browse/NIFI-12741
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Matthew Clarke
>            Assignee: David Szabo
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Parameters does not work with "Access Restricted Components" - "Requiring 
> 'access keytab'". 
> Reproduction steps:
> * User A has full permissions to child PG “test”
> * User A creates a parameter context that is mapped to this child PG
> * User A adds ConsumeKafka_2_6 processor
> * Admin user creates a keytab credentials service “kerb-test” within PG “test”
> * User A configures ConsumeKafka_2_6 processor, selects “kerb-test”, and 
> clicks apply.  (all works as expected)
> * User A clicks on option to convert to parameter on Kerberos Credentials 
> Service property in ConsumeKafka_2_6 processor and sets name to “kerb-test”. 
> Property Value now reflects “#{kerb-test}”.  Click APPLY and encounter 
> exception: “Unable to modify Components requiring additional permission: 
> access keytab. Contact the system administrator. Contact the system 
> administrator.”  
> Verified parameter “kerb-test” was successfully added to parameter context on 
> child PG “test”
> User should be able to use parameter contexts to reference keytab credentials 
> service created on an authorized process PG. Policy should only block user 
> from being able to create a new keytab credentials service or modify an 
> existing keytab credentials service.  Ability to select an already created 
> keytab credentials service should be controlled by authorized via "view the 
> component" policy on the controller service.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
