Andy LoPresto created NIFI-7884:
-----------------------------------
Summary: Separate "read-filesystem" restricted permission into
local file system and HDFS file system permissions
Key: NIFI-7884
URL: https://issues.apache.org/jira/browse/NIFI-7884
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Extensions
Affects Versions: 1.12.1
Reporter: Andy LoPresto
Currently the {{read-filesystem}} value for {{RequiredPermission}} is used for
both the processors which read directly from the local file system of the
machine hosting NiFi ({{GetFile}}, {{ListFile}}, etc.) and the processors which
read from external file systems like HDFS ({{GetHDFS}}, {{PutHDFS}}, etc.).
There are use cases where NiFi users should be able to interact with the HDFS
file system without having permissions to access the local file system.
This will also require introducing a global setting in {{nifi.properties}} that
an admin can set to allow local file system access via the HDFS processors
(default {{true}} for backward compatibility), and additional validation logic
in the HDFS processors (ideally the abstract shared logic) to ensure that if
this setting is disabled, the HDFS processors are not accessing the local file
system via the {{file:///}} protocol in their configuration.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
