Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
None
-
None
-
None
Description
Take the situation below:
- InvokeHTTP processor I have view and modify permissions for
- There are multiple SSL contexts some of which I do not have view or modify access to
- I am able to change the SSL Context Service property of the InvokeHTTP processor to use a Controller service I do not have access to
This should not be allowed. The user should not be able to create references to Controller Services they cannot view or modify.
That said, since the user has the explicit permission to modify the processor, the user should be able to keep property referencing a CS they can't view/modify if someone else configured it that way.
The UI will need to be explicit in conveying this to the user since it will be a bit complicated (limiting a user's options when configuring a component they have full access to)
Attachments
Issue Links
- is blocked by
-
NIFI-1876 Clustering - Merge all responses based on authorization
-
- Resolved
-
- links to
