[ https://issues.apache.org/jira/browse/NIFI-15403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18048370#comment-18048370 ]
ASF subversion and git services commented on NIFI-15403:
--------------------------------------------------------
Commit a8d21f24fea0c10753711d6d9eba9e8e082bdf0a in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=a8d21f24fe ]
NIFI-15403 Removed Read Authorization from Current User method
- Added unit test verifying getCurrentUser method does not invoke the
authorizeAccess method
Signed-off-by: Pierre Villard <[email protected]>
This closes #10707.
> Remove Read Flow Authorization from Current User method
> -------------------------------------------------------
>
> Key: NIFI-15403
> URL: https://issues.apache.org/jira/browse/NIFI-15403
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The {{/flow/current-user}} REST API method currently requires the {{READ}}
> privilege on the {{Flow}} resource, aligning with other methods in the
> {{FlowResource}} class. The {{current-user}} method, however, provides
> information about the authenticated user, in addition to permission details
> for various operations, and the status of logout support based on the
> authenticated credentials.
> Based on the capabilities of the Current User method, the requirement for
> {{READ}} on the {{Flow}} resource should be removed. Removing the
> authorization allows users who are authenticated, but not authorized, to log
> out and clear current session credentials.