David Handermann created NIFI-15403:
---------------------------------------
Summary: Remove Read Flow Authorization from Current User method
Key: NIFI-15403
URL: https://issues.apache.org/jira/browse/NIFI-15403
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Reporter: David Handermann
Assignee: David Handermann

The {{/flow/current-user}} REST API method currently requires the {{READ}}
privilege on the {{Flow}} resource, aligning with other methods in the
{{FlowResource}} class. The {{current-user}} method, however, provides
information about the authenticated user, in addition to permission details for
various operations, and the status of logout support based on the authenticated
credentials.

Based on the capabilities of the Current User method, the requirement for
{{READ}} on the {{Flow}} resource should be removed. Removing the authorization
allows users who are authenticated, but not authorized, to log out and clear
current session credentials.