Uploaded image for project: 'NiFi Registry - MOVED TO NIFI PROJECT'
  1. NiFi Registry - MOVED TO NIFI PROJECT
  2. NIFIREG-325

support specifying group for 'NiFi Identity' to grant permission to proxy user requests

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.7.0
    • 0.6.0
    • None
    • None

    Description

      As documented in

      https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#fileaccesspolicyprovider

      one can specify NiFi node identities to grant permission to proxy user requests and bucket read permission.
       
      What I'd like to propose is to be able to provider a group name there.: 

         <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.a.n.r.s.authorization.file.FileAccessPolicyProvider</class>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="User Group Provider">...</property>
        <property name="Initial Admin Identity">...</property>
        <property name="Identity Group Name">my-group</property>
</accessPolicyProvider>

      which in turn would bless that group with the same permissions as described in the admin guide for 

      NiFi Identity

      (proxying user request and bucket read).

      This feature would be very similar to what https://issues.apache.org/jira/browse/NIFI-5542 does.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            andrewsmith87 Endre Kovacs
            andrewsmith87 Endre Kovacs
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h 50m
                1h 50m

                Slack

                  Issue deployment