In order to use Provenance to view details of a flow file, a user must
belong to the 'view the data' policy for a given component(s) along the
flow. For example, the lineage graph will show "UNKNOWN" for any component
for which the user does not possess 'view the data'. Not only can the user not
identify which processor this is, but the user cannot view even core
attributes of the flowfile such as flowfile UUID either.

We use a custom authorizer which may restrict a user from 'view the data'
based on certain flowfile attribute(s). This creates a situation where the
NiFi Admins can potentially lose insight into the flow of data through the
system. An Admin can see that a given flowfile traversed X-number of
components, but cannot identify what components they were or where the
flowfile ultimately was delivered.

It is necessary to maintain the ability to restrict even an Admin from
seeing flowfile content and user-defined attributes. However, it would be
highly desirable for the Admins to be able to view flowfile core attributes
throughout the flow. The information presented on the Details tab of a
Provenance event would suffice.

Can the information on this tab be separated from the 'view the data'
policy? Likely, this means creating a new policy type which does not
currently exist.

Comments/suggestions?

Thanks,
Mark
