Github user mcgilman commented on a diff in the pull request: https://github.com/apache/nifi/pull/755#discussion_r73401024 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java --- @@ -102,14 +102,18 @@ public AccessPolicyEntity populateRemainingAccessPolicyEntityContent(AccessPolic @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{action}/{resource: .+}") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( - value = "Gets an access policy", + value = "Gets an access policy for the specified action and resource", + notes = "Will return the effective policy if no component specific policy exists for the specified action and resource. " + + "Must have Read permissions to the policy with the desired action and resource. Permissions for the policy that is " + + "returned will be indicated in the response. This means the client could be authorized to get the policy for a " + + "given component but the effective policy may be inherited from an ancestor Process Group. If the client does not " + + "have permissions to that policy, the response will not include the policy and the permissions in the response " + + "will be marked accordingly. If the client does not have permissions to the policy of the desired action and resource " + + "a 403 response will be returned.", response = AccessPolicyEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /policies/{action}/{resource}", type = "") --- End diff -- Yep, good call.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---