[
https://issues.apache.org/jira/browse/NIFI-1876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15404396#comment-15404396
]
ASF GitHub Bot commented on NIFI-1876:
--------------------------------------
Github user jtstorck commented on the issue:
https://github.com/apache/nifi/pull/694
Regarding the concerns with the viewing data, our current implementation
looks correct. The queries for provenance events are run on each node
invidually, and each event is unique to the node on which it occurred; there is
no concept of merging a particular provenance event across nodes in the
cluster. Per node, the configured authorizer is used to check for the current
permissions for each event returned by the query. The results returned to the
client are correct based on the per-node authorizer checks performed at the
time of the query. Using the AbstractPolicyBasedAuthorizer, this case will not
occur, since the policies are forced to be in sync across the cluster. Using
any delegating authorizer, NiFi does not have control over the actual policies,
and therefore can only operate based on the decision made by the authorizer on
the particular node from which it was called.
> Clustering - Merge all responses based on authorization
> -------------------------------------------------------
>
> Key: NIFI-1876
> URL: https://issues.apache.org/jira/browse/NIFI-1876
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Reporter: Matt Gilman
> Assignee: Jeff Storck
> Fix For: 1.0.0
>
>
> Each node in a cluster may have a different view of the authorization access
> policies simply to in the timing of updates. Because of this, all requests
> need to be merged accordingly.
> Requests are directed at a specific resource. These would result in some 403
> responses.
> Some requests are contain a filtered view of a number of resources. These
> would need to be updated to return the most restrictive set of responses.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
