[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies
[ https://issues.apache.org/jira/browse/NIFI-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15421648#comment-15421648 ] ASF GitHub Bot commented on NIFI-2554: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/860 > Components with references to Controller Services should limit configuration > options based on CS policies > - > > Key: NIFI-2554 > URL: https://issues.apache.org/jira/browse/NIFI-2554 > Project: Apache NiFi > Issue Type: Bug >Reporter: Joseph Percivall >Assignee: Matt Gilman >Priority: Critical > Fix For: 1.0.0 > > > Take the situation below: > * InvokeHTTP processor I have view and modify permissions for > * There are multiple SSL contexts some of which I do not have view or modify > access to > * I am able to change the SSL Context Service property of the InvokeHTTP > processor to use a Controller service I do not have access to > This should not be allowed. The user should not be able to create references > to Controller Services they cannot view or modify. > That said, since the user has the explicit permission to modify the > processor, the user should be able to keep property referencing a CS they > can't view/modify if someone else configured it that way. > The UI will need to be explicit in conveying this to the user since it will > be a bit complicated (limiting a user's options when configuring a component > they have full access to) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies
[ https://issues.apache.org/jira/browse/NIFI-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15421647#comment-15421647 ] ASF subversion and git services commented on NIFI-2554: --- Commit 7d8dd27027b42134d4825f3d5a5da6aedb962b1a in nifi's branch refs/heads/master from [~mcgilman] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=7d8dd27 ] NIFI-2554: - Requiring READ permissions on the referenced controller service when creating/updating processors, controller services, and reporting tasks. - Preventing client side selection of unauthorized controller services unless they were the previously configured value. This closes #860. Signed-off-by: Bryan Bende> Components with references to Controller Services should limit configuration > options based on CS policies > - > > Key: NIFI-2554 > URL: https://issues.apache.org/jira/browse/NIFI-2554 > Project: Apache NiFi > Issue Type: Bug >Reporter: Joseph Percivall >Assignee: Matt Gilman >Priority: Critical > Fix For: 1.0.0 > > > Take the situation below: > * InvokeHTTP processor I have view and modify permissions for > * There are multiple SSL contexts some of which I do not have view or modify > access to > * I am able to change the SSL Context Service property of the InvokeHTTP > processor to use a Controller service I do not have access to > This should not be allowed. The user should not be able to create references > to Controller Services they cannot view or modify. > That said, since the user has the explicit permission to modify the > processor, the user should be able to keep property referencing a CS they > can't view/modify if someone else configured it that way. > The UI will need to be explicit in conveying this to the user since it will > be a bit complicated (limiting a user's options when configuring a component > they have full access to) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies
[ https://issues.apache.org/jira/browse/NIFI-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15421173#comment-15421173 ] ASF GitHub Bot commented on NIFI-2554: -- GitHub user mcgilman opened a pull request: https://github.com/apache/nifi/pull/860 Enforcing READ permissions when referencing ControllerServices NIFI-2554: - Requiring READ permissions on the referenced controller service when creating/updating processors, controller services, and reporting tasks. - Preventing client side selection of unauthorized controller services unless they were the previously configured value. You can merge this pull request into a Git repository by running: $ git pull https://github.com/mcgilman/nifi NIFI-2554 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/860.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #860 commit 53827d0a0a5786ba2dcd5239fab40f4bd540002e Author: Matt GilmanDate: 2016-08-15T15:49:05Z NIFI-2554: - Requiring READ permissions on the referenced controller service when creating/updating processors, controller services, and reporting tasks. - Preventing client side selection of unauthorized controller services unless they were the previously configured value. > Components with references to Controller Services should limit configuration > options based on CS policies > - > > Key: NIFI-2554 > URL: https://issues.apache.org/jira/browse/NIFI-2554 > Project: Apache NiFi > Issue Type: Bug >Reporter: Joseph Percivall >Assignee: Matt Gilman >Priority: Critical > Fix For: 1.0.0 > > > Take the situation below: > * InvokeHTTP processor I have view and modify permissions for > * There are multiple SSL contexts some of which I do not have view or modify > access to > * I am able to change the SSL Context Service property of the InvokeHTTP > processor to use a Controller service I do not have access to > This should not be allowed. The user should not be able to create references > to Controller Services they cannot view or modify. > That said, since the user has the explicit permission to modify the > processor, the user should be able to keep property referencing a CS they > can't view/modify if someone else configured it that way. > The UI will need to be explicit in conveying this to the user since it will > be a bit complicated (limiting a user's options when configuring a component > they have full access to) -- This message was sent by Atlassian JIRA (v6.3.4#6332)