Endre Kovacs created NIFIREG-325:
------------------------------------
Summary: support specifying group for 'NiFi Identity' to grant
permission to proxy user requests
Key: NIFIREG-325
URL: https://issues.apache.org/jira/browse/NIFIREG-325
Project: NiFi Registry
Issue Type: Improvement
Affects Versions: 1.0.0
Reporter: Endre Kovacs
Assignee: Endre Kovacs
Fix For: 1.0.0
As documented in
[https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#fileaccesspolicyprovider]
one can specify NiFi node identities to grant permission to proxy user requests
and bucket read permission.
What I'd like to propose is to be able to provider a group name there.:
{code:xml}
<accessPolicyProvider>
<identifier>file-access-policy-provider</identifier>
<class>org.a.n.r.s.authorization.file.FileAccessPolicyProvider</class>
<property name="Authorizations
File">./conf/authorizations.xml</property>
<property name="User Group Provider">...</property>
<property name="Initial Admin Identity">...</property>
<property name="Identity Group
Name">my-group</property></accessPolicyProvider>
{code}
which in turn would bless that group with the same permissions as described in
the admin guide for {code}NiFi Identity{code} (proxying user request and bucket
read).
This feature would be very similar to what
https://issues.apache.org/jira/browse/NIFI-5542 does.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
