[ 
https://issues.apache.org/jira/browse/NIFI-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390166#comment-16390166
 ] 

ASF GitHub Bot commented on NIFI-4885:
--------------------------------------

Github user andrewmlim commented on the issue:

    https://github.com/apache/nifi/pull/2515
  
    @mcgilman 
    I tested your latest changes and they look good.  A couple minor things to 
address:
    
    - In the message "Only listing restriction specific users. Users with 
permission "regardless of restriction" not shown but are also allowed."  should 
add an "s" to the second instance of "restriction".  So the correct message 
reads:
    
    Only listing restriction specific users. Users with permission "regardless 
of restrictions" not shown but are also allowed.
    
    - The following text is used in a tooltip and doc:
    
    "Allows users to create/modify restricted components assuming otherwise 
sufficient permissions” 
    
    I thought this might be more clear:
    
    “Allows users to create/modify restricted components assuming other 
permissions are sufficient”
    
    -In the Admin and User Guides, change the content to:
    
    Allows users to create/modify restricted components assuming other 
permissions are sufficient. The restricted components may indicate which 
specific permissions are required. Permissions can be granted for specific 
restrictions or be granted regardless of restrictions. If permission is granted 
regardless of restrictions, the user can create/modify all restricted 
components.


> More granular restricted component categories
> ---------------------------------------------
>
>                 Key: NIFI-4885
>                 URL: https://issues.apache.org/jira/browse/NIFI-4885
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework, Core UI
>            Reporter: Matt Gilman
>            Assignee: Matt Gilman
>            Priority: Major
>
> Update the Restricted annotation to support more granular categories. 
> Available categories will map to new access policies. Example categories and 
> their corresponding access policies may be
>  * read-filesystem (/restricted-components/read-filesystem)
>  * write-filesystem (/restricted-components/write-filesystem)
>  * code-execution (/restricted-components/code-execution)
>  * keytab-access (/restricted-components/keytab-access)
> The hierarchical nature of the access policies will support backward 
> compatibility with existing installations where the policy of 
> /restricted-components was used to enforce all subcategories. Any users with 
> /restricted-components permissions will be granted access to all 
> subcategories. In order to leverage the new granular categories, an 
> administrator will need to use NiFi to update their access policies (remove a 
> user from /restricted-components and place them into the desired subcategory)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to