[
https://issues.apache.org/jira/browse/NIFI-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Gilman reopened NIFI-4885:
-------------------------------
Just noticed an issue with the recently introduced granular component
restrictions with regards to flow versioning. Specifically, flow versioning is
requiring access to the broad permission regardless of any component specified
granular restrictions. Instead, we should be allowing the component to
authorize based on each restriction it has.
> More granular restricted component categories
> ---------------------------------------------
>
> Key: NIFI-4885
> URL: https://issues.apache.org/jira/browse/NIFI-4885
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Core UI
> Reporter: Matt Gilman
> Assignee: Matt Gilman
> Priority: Major
> Fix For: 1.6.0
>
>
> Update the Restricted annotation to support more granular categories.
> Available categories will map to new access policies. Example categories and
> their corresponding access policies may be
> * read-filesystem (/restricted-components/read-filesystem)
> * write-filesystem (/restricted-components/write-filesystem)
> * code-execution (/restricted-components/code-execution)
> * keytab-access (/restricted-components/keytab-access)
> The hierarchical nature of the access policies will support backward
> compatibility with existing installations where the policy of
> /restricted-components was used to enforce all subcategories. Any users with
> /restricted-components permissions will be granted access to all
> subcategories. In order to leverage the new granular categories, an
> administrator will need to use NiFi to update their access policies (remove a
> user from /restricted-components and place them into the desired subcategory)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
