[ https://issues.apache.org/jira/browse/NIFI-3001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Bende reassigned NIFI-3001: --------------------------------- Assignee: Bryan Bende > The authorizers.xml file should be parsed for new users/node identities even > if users.xml already exists. > --------------------------------------------------------------------------------------------------------- > > Key: NIFI-3001 > URL: https://issues.apache.org/jira/browse/NIFI-3001 > Project: Apache NiFi > Issue Type: Improvement > Affects Versions: 1.0.0 > Reporter: Matthew Clarke > Assignee: Bryan Bende > > The intent of having an users.xml and authorizations.xml file is so that the > users.xml file can be used/copied to multiple systems for reuse. > The problem is when standing up a new system/cluster with a pre-populated > users.xml file, NiFi does not update it on startup. A new system is very > likely to have new node identities defined in the authorizers.xml file that > will not exist in the ported users.xml file. > My thought is that on every startup NiFi should parse the "node identities" > from the authorizers.xml file and add them if missing to the users.xml file > and grant those added users to the /proxy resource in the authorizations.xml. > This reduces complications users can experience when adding additional nodes > to a pre-existing cluster. > The "Initial admin" and "legacy authorized-users.xml" settings in the > authorizers.xml file should only ever be parsed once and only if a > authorizations.xml file does not exist. If the authorizations.xml file does > not exist, these users should be added to the existing users.xml file (or > create one if does not exist) and granted the initial admin related policy > resources in the authorizations.xml file. By setting it up this way if an > "admin" is removed from the UI at some later time a restart of NiFi will not > result in that user being added back in to the existing authorizations.xml or > users.xml. -- This message was sent by Atlassian JIRA (v6.3.4#6332)