Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
None
-
None
Description
Authorization requests/results are now explicitly audited. This change was due to the fact that the Ranger was auditing a lot of false positives previously. This is partly because the NiFi uses authorization to check which features the user may have permissions to. This check is used to enable/disable various parts of the UI. The remainder of the false positives came from the authorizer not knowing the entire context of the request. For instance, when a Processor has no policy we check its parent and so on.
The memory leak is due to the authorizer holding onto authorization results that are never destined for auditing.
Attachments
Issue Links
- is caused by
-
NIFI-4032 Create Managed Ranger Authorizer
- Resolved
- links to