[jira] [Updated] (NIFI-12741) Parameters does not work with "Access Restricted Components" - "Requiring 'access keytab'"

Wed, 31 Jul 2024 08:35:07 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-12741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Palfy updated NIFI-12741:
-------------------------------
    Fix Version/s: 1.28.0
                   2.0.0-M5
       Resolution: Fixed
           Status: Resolved  (was: Patch Available)

> Parameters does not work with "Access Restricted Components" - "Requiring 
> 'access keytab'"
> ------------------------------------------------------------------------------------------
>
>                 Key: NIFI-12741
>                 URL: https://issues.apache.org/jira/browse/NIFI-12741
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Matthew Clarke
>            Assignee: David Szabo
>            Priority: Major
>             Fix For: 1.28.0, 2.0.0-M5
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Parameters does not work with "Access Restricted Components" - "Requiring 
> 'access keytab'". 
> Reproduction steps:
> * User A has full permissions to child PG “test”
> * User A creates a parameter context that is mapped to this child PG
> * User A adds ConsumeKafka_2_6 processor
> * Admin user creates a keytab credentials service “kerb-test” within PG “test”
> * User A configures ConsumeKafKa_2_6 processor, selects “kerb-test”, and 
> clicks apply.  (all works as expected)
> * User A clicks on option to convert to parameter  on Kerberos Credentials 
> Service property in ConsumeKafla_2_6 processor and sets name to “kerb-test”. 
> Property Value now reflects “#{kerb-test}.  Click APPLY and encounter 
> exception: “Unable to modify Components requiring additional permission: 
> access keytab. Contact the system administrator. Contact the system 
> administrator.”  
> Verified parameter “kerb-test” was successfully added to parameter context on 
> child PG “test”
> User should be able to use parameter contexts to reference keytab credentials 
> service created on an authorized process PG. Policy should only block user 
> from being able to create a new keytab credentials service or modify an 
> existing keytab credentials service.  Ability to select an already created 
> keytab credentials service shoudl be controlled by authorized via "view the 
> component" policy on the controller service.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to