[ 
https://issues.apache.org/jira/browse/NIFI-15403?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Handermann updated NIFI-15403:
------------------------------------
    Component/s: Security

> Remove Read Flow Authorization from Current User method
> -------------------------------------------------------
>
>                 Key: NIFI-15403
>                 URL: https://issues.apache.org/jira/browse/NIFI-15403
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Security
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{/flow/current-user}} REST API method currently requires the {{READ}} 
> privilege on the {{Flow}} resource, aligning with other methods in the 
> {{FlowResource}} class. The {{current-user}} method, however, provides 
> information about the authenticated user, in addition to permission details 
> for various operations, and the status of logout support based on the 
> authenticated credentials.
> Based on the capabilities of the Current User method, the requirement for 
> {{READ}} on the {{Flow}} resource should be removed. Removing the 
> authorization allows users who are authenticated, but not authorized, to log 
> out and clear current session credentials.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
