[
https://issues.apache.org/jira/browse/NIFI-14541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-14541:
------------------------------------
Status: Patch Available (was: Open)
> Add Scoped Authorization for Flow Registry Client Actions
> ---------------------------------------------------------
>
> Key: NIFI-14541
> URL: https://issues.apache.org/jira/browse/NIFI-14541
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Following the pattern of other component authorization, operations on Flow
> Registry Client instances should be authorized with a resource nested under
> the Controller resource.
> Flow Registry Clients provide support for versioning flow configuration, with
> management of Flow Registry Client instances at the Controller level.
> The initial framework support for Flow Registry Clients as an extensible
> component mapped authorization to the Controller Resource, with applicable
> read or write privileges according to the operation.
> Instead of authorizing operations on {{{}/controller{}}}, authorization
> should be performed on {{/controller/registry-clients}} and operations on a
> specific Flow Registry Client should be authorized on
> {{{}/controller/registry-clients/id{}}}. This strategy provides compatibility
> with existing authorization policies at the Controller level, and allows
> authorization decisions on Flow Registry Clients going forward.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
