markap14 commented on issue #3536: NIFI-6380: Introduced the notion of Parameters and Parameter Contexts…
URL: https://github.com/apache/nifi/pull/3536#issuecomment-511414281

@mcgilman thanks for the review - again :)

I am not opposed to the idea of automatically setting the Parameter Context to the same as the parent's when a Process Group is created. From a User Experience point of view, it's probably a good idea. The only real concern that I have is that in order to do that, we'd have to first receive the request, determine if the user has permissions to the parent group's Parameter Context, and if so, set it on the request before replicating. If any node then determined that the user doesn't have the READ policy for the Parameter Context (of course different nodes could see the permissions differently if they are periodically syncing with an external authority provider), then the result will be that the request is rejected. So the user has all permissions that they should, and the request still gets rejected due to insufficient permissions, because they don't have READ on the parent's Parameter Context.

Now, this is certainly a corner case, so if you think we should go ahead and do this anyway I'm happy to make the change. But wanted to just run that scenario by you and get your feedback on that first.

Regarding permissions of Binding & Un-binding: you're right - the current approach is inconsistent with how it works with Controller Services. Have updated code. Will push a new commit. Good catch!
