David Handermann created NIFI-14541:
---------------------------------------
Summary: Add Scoped Authorization Flow Registry Client Actions
Key: NIFI-14541
URL: https://issues.apache.org/jira/browse/NIFI-14541
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Security
Reporter: David Handermann
Assignee: David Handermann
Following the pattern of other component authorization, operations on Flow
Registry Client instances should be authorized with a resource nested under the
Controller resource.
Flow Registry Clients provide support for versioning flow configuration, with
management of Flow Registry Client instances at the Controller level.
The initial framework support for Flow Registry Clients as an extensible
component mapped authorization to the Controller Resource, with applicable read
or write privileges according to the operation.
Instead of authorizing operations on {{{}/controller{}}}, authorization should
be performed on {{/controller/registry-clients}} and operations on a specific
Flow Registry Client should be authorized on
{{{}/controller/registry-clients/id{}}}. This strategy provides compatibility
with existing authorization policies at the Controller level, and allows
authorization decisions on Flow Registry Clients going forward.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
