[jira] [Updated] (NIFIREG-325) support specifying group for 'NiFi Identity' to grant permission to proxy user requests

Thu, 03 Oct 2019 11:51:18 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFIREG-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Endre Kovacs updated NIFIREG-325:
---------------------------------
    Description: 
As documented in

[https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#fileaccesspolicyprovider]

one can specify NiFi node identities to grant permission to proxy user requests 
and bucket read permission.
 
What I'd like to propose is to be able to provider a group name there.: 

{code:xml}
   <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.a.n.r.s.authorization.file.FileAccessPolicyProvider</class>
        <property name="Authorizations 
File">./conf/authorizations.xml</property>
        <property name="User Group Provider">...</property>
        <property name="Initial Admin Identity">...</property>
        <property name="Identity Group Name">my-group</property>
</accessPolicyProvider>
{code}
which in turn would bless that group with the same permissions as described in 
the admin guide for {code}NiFi Identity{code} (proxying user request and bucket 
read).


This feature would be very similar to what  
https://issues.apache.org/jira/browse/NIFI-5542 does.

  was:
As documented in

[https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#fileaccesspolicyprovider]

one can specify NiFi node identities to grant permission to proxy user requests 
and bucket read permission.
 
What I'd like to propose is to be able to provider a group name there.: 

{code:xml}
   <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.a.n.r.s.authorization.file.FileAccessPolicyProvider</class>
        <property name="Authorizations 
File">./conf/authorizations.xml</property>
        <property name="User Group Provider">...</property>
        <property name="Initial Admin Identity">...</property>
        <property name="Identity Group 
Name">my-group</property></accessPolicyProvider>
{code}
which in turn would bless that group with the same permissions as described in 
the admin guide for {code}NiFi Identity{code} (proxying user request and bucket 
read).


This feature would be very similar to what  
https://issues.apache.org/jira/browse/NIFI-5542 does.


> support specifying group for 'NiFi Identity' to grant permission to proxy 
> user requests
> ---------------------------------------------------------------------------------------
>
>                 Key: NIFIREG-325
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-325
>             Project: NiFi Registry
>          Issue Type: Improvement
>    Affects Versions: 1.0.0
>            Reporter: Endre Kovacs
>            Assignee: Endre Kovacs
>            Priority: Major
>             Fix For: 1.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> As documented in
> [https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#fileaccesspolicyprovider]
> one can specify NiFi node identities to grant permission to proxy user 
> requests and bucket read permission.
>  
> What I'd like to propose is to be able to provider a group name there.: 
> {code:xml}
>    <accessPolicyProvider>
>         <identifier>file-access-policy-provider</identifier>
>         <class>org.a.n.r.s.authorization.file.FileAccessPolicyProvider</class>
>         <property name="Authorizations 
> File">./conf/authorizations.xml</property>
>         <property name="User Group Provider">...</property>
>         <property name="Initial Admin Identity">...</property>
>         <property name="Identity Group Name">my-group</property>
> </accessPolicyProvider>
> {code}
> which in turn would bless that group with the same permissions as described 
> in the admin guide for {code}NiFi Identity{code} (proxying user request and 
> bucket read).
> This feature would be very similar to what  
> https://issues.apache.org/jira/browse/NIFI-5542 does.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to