[ 
https://issues.apache.org/jira/browse/NIFI-1876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15400231#comment-15400231
 ] 

ASF GitHub Bot commented on NIFI-1876:
--------------------------------------

Github user JPercivall commented on the issue:

    https://github.com/apache/nifi/pull/694
  
    Hey @jtstorck, the "View the data" and "Modify the data" policies are not 
being merged/properly taken into account when querying/working with provenance 
events. (In both scenarios the user is a part of the "query provenance" policy)
    
    First when a user doesn't have "Modify the data" on a component on one 
node, it will correctly deny any replay requests that are of events that 
originated on that node. That said, if an event that originated on another node 
is submitted for replay it will succeed.
    
    A potential problem with "View the data" comes about when one node doesn't 
have the "view the data" policy but the others do and you attempt to query 
provenance. As a user I would expect the most strict policy (deny) to be merged 
and I would not be able to "View the data" from any node. Unfortunately the way 
it works currently (I believe) is that the query gets sent to the node to vet 
and it will take into account any policies and return the events. Then the 
events are merged. This means that the user will be able to see events from the 
allowing nodes. I'm not sure there is currently a way to merge these 
properly/effectively.
    
    @mcgilman may have more insight.


> Clustering - Merge all responses based on authorization
> -------------------------------------------------------
>
>                 Key: NIFI-1876
>                 URL: https://issues.apache.org/jira/browse/NIFI-1876
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Core Framework
>            Reporter: Matt Gilman
>            Assignee: Jeff Storck
>             Fix For: 1.0.0
>
>
> Each node in a cluster may have a different view of the authorization access 
> policies simply to in the timing of updates. Because of this, all requests 
> need to be merged accordingly.
> Requests are directed at a specific resource. These would result in some 403 
> responses.
> Some requests are contain a filtered view of a number of resources. These 
> would need to be updated to return the most restrictive set of responses.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to