[
https://issues.apache.org/jira/browse/NIFI-14391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
endzeit updated NIFI-14391:
---------------------------
Description:
Currently, when configuring a NiFi cluster with OIDC authentication, the
FileAccessPolicyProvider requires specifying a single, statically defined user
for initial administrator permissions. This necessitates the use of a dedicated
service account or relies on a specific user's availability during cluster
setup.
This issue proposes enhancing the FileAccessPolicyProvider to support the
configuration of an initial administrator group (e.g., 'dinos') instead of a
single user. This would leverage the group information provided by the Identity
Provider and streamline the initial rights management process, eliminating the
reliance on individual user accounts.
Specifically, we suggest adding a configuration option, such as "Initial Admin
Group," to the FileAccessPolicyProvider. This would allow administrators to
specify a group that should be granted initial administrative privileges upon
cluster startup.
This enhancement would improve the manageability of NiFi clusters in OIDC
environments by providing a more flexible and robust approach to initial
administrator rights assignment.
was:
Currently, when configuring a NiFi cluster with OIDC authentication, the
FileAccessPolicyProvider requires specifying a single, statically defined user
for initial administrator permissions. This necessitates the use of a dedicated
service account or relies on a specific user's availability during cluster
setup.
This issue proposes enhancing the FileAccessPolicyProvider to support the
configuration of an initial administrator group (e.g., 'X') instead of a single
user. This would leverage the group information provided by the Identity
Provider and streamline the initial rights management process, eliminating the
reliance on individual user accounts.
Specifically, we suggest adding a configuration option, such as "Initial Admin
Group," to the FileAccessPolicyProvider. This would allow administrators to
specify a group that should be granted initial administrative privileges upon
cluster startup.
This enhancement would improve the manageability of NiFi clusters in OIDC
environments by providing a more flexible and robust approach to initial
administrator rights assignment.
> Support Initial Admin Group Configuration in FileAccessPolicyProvider
> ---------------------------------------------------------------------
>
> Key: NIFI-14391
> URL: https://issues.apache.org/jira/browse/NIFI-14391
> Project: Apache NiFi
> Issue Type: New Feature
> Reporter: endzeit
> Priority: Major
>
> Currently, when configuring a NiFi cluster with OIDC authentication, the
> FileAccessPolicyProvider requires specifying a single, statically defined
> user for initial administrator permissions. This necessitates the use of a
> dedicated service account or relies on a specific user's availability during
> cluster setup.
> This issue proposes enhancing the FileAccessPolicyProvider to support the
> configuration of an initial administrator group (e.g., 'dinos') instead of a
> single user. This would leverage the group information provided by the
> Identity Provider and streamline the initial rights management process,
> eliminating the reliance on individual user accounts.
> Specifically, we suggest adding a configuration option, such as "Initial
> Admin Group," to the FileAccessPolicyProvider. This would allow
> administrators to specify a group that should be granted initial
> administrative privileges upon cluster startup.
> This enhancement would improve the manageability of NiFi clusters in OIDC
> environments by providing a more flexible and robust approach to initial
> administrator rights assignment.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
