subject:"\[jira\] \[Commented\] \(NIFI\-2554\) Components with references to Controller Services should limit configuration options based on CS policies"

[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies

2016-08-15 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/NIFI-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15421648#comment-15421648
 ] 

ASF GitHub Bot commented on NIFI-2554:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/860


> Components with references to Controller Services should limit configuration 
> options based on CS policies
> -
>
> Key: NIFI-2554
> URL: https://issues.apache.org/jira/browse/NIFI-2554
> Project: Apache NiFi
>  Issue Type: Bug
>Reporter: Joseph Percivall
>Assignee: Matt Gilman
>Priority: Critical
> Fix For: 1.0.0
>
>
> Take the situation below:
> * InvokeHTTP processor I have view and modify permissions for
> * There are multiple SSL contexts some of which I do not have view or modify 
> access to
> * I am able to change the SSL Context Service property of the InvokeHTTP 
> processor to use a Controller service I do not have access to
> This should not be allowed. The user should not be able to create references 
> to Controller Services they cannot view or modify. 
> That said, since the user has the explicit permission to modify the 
> processor,  the user should be able to keep property referencing a CS they 
> can't view/modify if someone else configured it that way.
> The UI will need to be explicit in conveying this to the user since it will 
> be a bit complicated (limiting a user's options when configuring a component 
> they have full access to)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies

2016-08-15 Thread ASF subversion and git services (JIRA)


[ 
https://issues.apache.org/jira/browse/NIFI-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15421647#comment-15421647
 ] 

ASF subversion and git services commented on NIFI-2554:
---

Commit 7d8dd27027b42134d4825f3d5a5da6aedb962b1a in nifi's branch 
refs/heads/master from [~mcgilman]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=7d8dd27 ]

NIFI-2554: - Requiring READ permissions on the referenced controller service 
when creating/updating processors, controller services, and reporting tasks.
- Preventing client side selection of unauthorized controller services unless 
they were the previously configured value.

This closes #860.

Signed-off-by: Bryan Bende 


> Components with references to Controller Services should limit configuration 
> options based on CS policies
> -
>
> Key: NIFI-2554
> URL: https://issues.apache.org/jira/browse/NIFI-2554
> Project: Apache NiFi
>  Issue Type: Bug
>Reporter: Joseph Percivall
>Assignee: Matt Gilman
>Priority: Critical
> Fix For: 1.0.0
>
>
> Take the situation below:
> * InvokeHTTP processor I have view and modify permissions for
> * There are multiple SSL contexts some of which I do not have view or modify 
> access to
> * I am able to change the SSL Context Service property of the InvokeHTTP 
> processor to use a Controller service I do not have access to
> This should not be allowed. The user should not be able to create references 
> to Controller Services they cannot view or modify. 
> That said, since the user has the explicit permission to modify the 
> processor,  the user should be able to keep property referencing a CS they 
> can't view/modify if someone else configured it that way.
> The UI will need to be explicit in conveying this to the user since it will 
> be a bit complicated (limiting a user's options when configuring a component 
> they have full access to)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies

2016-08-15 Thread ASF GitHub Bot (JIRA)


[ 
https://issues.apache.org/jira/browse/NIFI-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15421173#comment-15421173
 ] 

ASF GitHub Bot commented on NIFI-2554:
--

GitHub user mcgilman opened a pull request:

https://github.com/apache/nifi/pull/860

Enforcing READ permissions when referencing ControllerServices

NIFI-2554:
- Requiring READ permissions on the referenced controller service when 
creating/updating processors, controller services, and reporting tasks.
- Preventing client side selection of unauthorized controller services 
unless they were the previously configured value.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mcgilman/nifi NIFI-2554

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/860.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #860


commit 53827d0a0a5786ba2dcd5239fab40f4bd540002e
Author: Matt Gilman 
Date:   2016-08-15T15:49:05Z

NIFI-2554:
- Requiring READ permissions on the referenced controller service when 
creating/updating processors, controller services, and reporting tasks.
- Preventing client side selection of unauthorized controller services 
unless they were the previously configured value.




> Components with references to Controller Services should limit configuration 
> options based on CS policies
> -
>
> Key: NIFI-2554
> URL: https://issues.apache.org/jira/browse/NIFI-2554
> Project: Apache NiFi
>  Issue Type: Bug
>Reporter: Joseph Percivall
>Assignee: Matt Gilman
>Priority: Critical
> Fix For: 1.0.0
>
>
> Take the situation below:
> * InvokeHTTP processor I have view and modify permissions for
> * There are multiple SSL contexts some of which I do not have view or modify 
> access to
> * I am able to change the SSL Context Service property of the InvokeHTTP 
> processor to use a Controller service I do not have access to
> This should not be allowed. The user should not be able to create references 
> to Controller Services they cannot view or modify. 
> That said, since the user has the explicit permission to modify the 
> processor,  the user should be able to keep property referencing a CS they 
> can't view/modify if someone else configured it that way.
> The UI will need to be explicit in conveying this to the user since it will 
> be a bit complicated (limiting a user's options when configuring a component 
> they have full access to)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies

[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies

[jira] [Commented] (NIFI-2554) Components with references to Controller Services should limit configuration options based on CS policies

3 matches

Site Navigation

Mail list logo

Footer information