Hello, I believe this is expected behavior because the special privileges give read and write to all buckets and take precedence over the bucket privileges.
Generally not many users/groups would have those special privileges. The common use case is to give a NiFi server read to all buckets so it can check the status of all the versioned process groups:

Thanks,

Bryan

On Thu, Jun 21, 2018 at 6:13 PM Jagrut Sharma <jagrutsha...@gmail.com> wrote:

> Hi - I set up secured NiFi and NiFi registry via locally generated client
> certificates.
>
> NiFi registry has:
> - A user under Authorized Users called CN=test_user, OU=NIFI, with nothing
>   checked under Special Privileges.
> - A group Test_Users which contains the above user. The group has Read and
>   Write permissions checked under Special Privileges -> Can manage buckets.
> - A bucket Bucket7 which has one policy: read access for Test_Users group
>
> In NiFi, the user CN=test_user, OU=NIFI is logged in. Created a process
> group, and attempted to start version control. The save flow dialog lists
> all the buckets in NiFi registry, including Bucket7. Selecting Bucket7 and
> providing a FlowName allows save to succeed.
>
> Was expecting that the user CN=test_user, OU=NIFI would not be able to save
> flow from NiFi to Bucket7 due to the read access on the bucket for the
> user's group. So, just checking if this is expected behavior.
>
> Thanks.
> --
> Jagrut

--
Sent from Gmail Mobile
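A simplified model of the precedence described in this thread, added here as an illustration and not NiFi Registry's own code. The `Registry` class and its method names are hypothetical; the data is constructed to mirror the setup in the original message, and the audit function reports which actions a user holds on a bucket only because of a global "Can manage buckets" grant.

```python
from dataclasses import dataclass, field


@dataclass
class Registry:
    """Hypothetical model: global bucket grants are unioned with bucket policies."""
    groups: dict = field(default_factory=dict)           # group -> set of member users
    global_buckets: dict = field(default_factory=dict)   # identity -> global actions
    bucket_policies: dict = field(default_factory=dict)  # bucket -> {identity: actions}

    def identities(self, user):
        """The user plus every group that contains the user."""
        return {user} | {g for g, m in self.groups.items() if user in m}

    def bucket_level(self, user, bucket):
        """Actions granted by the bucket's own policy only."""
        policy = self.bucket_policies.get(bucket, {})
        granted = set()
        for ident in self.identities(user):
            granted |= policy.get(ident, set())
        return granted

    def effective(self, user, bucket):
        """Bucket-level actions plus any global grant held directly or via a group."""
        granted = self.bucket_level(user, bucket)
        for ident in self.identities(user):
            granted |= self.global_buckets.get(ident, set())
        return granted

    def overrides(self, user, bucket):
        """Actions the user has on the bucket solely through a global grant."""
        return self.effective(user, bucket) - self.bucket_level(user, bucket)


# Constructed data mirroring the thread: the group has global read/write,
# while Bucket7's own policy gives the group read only.
USER = "CN=test_user, OU=NIFI"
REG = Registry(
    groups={"Test_Users": {USER}},
    global_buckets={"Test_Users": {"read", "write"}},
    bucket_policies={"Bucket7": {"Test_Users": {"read"}}},
)

if __name__ == "__main__":
    print("effective:", sorted(REG.effective(USER, "Bucket7")))
    print("from global grant only:", sorted(REG.overrides(USER, "Bucket7")))
```

Running the same audit across every user and bucket shows where a bucket policy that looks read-only is widened by group membership.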