[NIFIREG-325] support specifying group for 'NiFi Identity' to grant permission to proxy user requests - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7.0
Fix Version/s: 0.6.0
Component/s: None
Labels:
None

Description

As documented in

https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#fileaccesspolicyprovider

one can specify NiFi node identities to grant permission to proxy user requests and bucket read permission.

What I'd like to propose is to be able to provider a group name there.:

   <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.a.n.r.s.authorization.file.FileAccessPolicyProvider</class>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="User Group Provider">...</property>
        <property name="Initial Admin Identity">...</property>
        <property name="Identity Group Name">my-group</property>
</accessPolicyProvider>

which in turn would bless that group with the same permissions as described in the admin guide for

NiFi Identity

(proxying user request and bucket read).

This feature would be very similar to what https://issues.apache.org/jira/browse/NIFI-5542 does.

Attachments

Issue Links

links to

GitHub Pull Request #235

Activity

People

Assignee:: Endre Kovacs

Reporter:: Endre Kovacs

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Oct/19 18:12

Updated:: 31/Mar/20 17:37

Resolved:: 08/Oct/19 15:11

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 50m