Kevin Doran created NIFIREG-75: ---------------------------------- Summary: FileUserGroupProvider allows updating a group to contain unknown users Key: NIFIREG-75 URL: https://issues.apache.org/jira/browse/NIFIREG-75 Project: NiFi Registry Issue Type: Bug Reporter: Kevin Doran Assignee: Kevin Doran
In FileUserGroupProvider, when a new group is created, all the users in the group are checked to ensure they are known to the FileUserGroupProvider prior to creating the group. However, when a group is updated, a similar check does not exist, allowing one to add invalid users to a group. This gets the server in a bad state with unexpected behavior surrounding authorization actions. Note that this logic was ported from NiFi, so NiFi should probably be updated with the same fix after verifying this is the intended behavior (having the check on update). -- This message was sent by Atlassian JIRA (v6.4.14#64029)