David Handermann created NIFI-15845:
---------------------------------------

             Summary: Remove Restricted Component Authorization from Framework
                 Key: NIFI-15845
                 URL: https://issues.apache.org/jira/browse/NIFI-15845
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Core Framework, Security
            Reporter: David Handermann
            Assignee: David Handermann


Following the deprecation of the Restricted annotation released in NiFi API 
2.8.0 and NiFi 2.9.0, the framework authorization handling should be updated to 
remove evaluation of Restricted status and Required Permissions.

The initial set of changes should avoid modifying the structure of REST API 
requests and responses, instead returning {{false}} for restricted status and 
empty lists for required permissions where applicable. This approach maintains 
compatibility with existing frontend and REST API clients that may check for 
the presence of restricted status.

The initial set of changes should be limited to framework components, leaving 
removal of the Restricted annotation to a subsequent issue for clarity of 
implementation.

Removing Restricted component authorization retains all other authorization 
checks, requiring users to have applicable write access for Process Groups and 
components in order to make changes or add components. Following the removal, 
users will no longer be prevented from adding components based on Restricted 
status alone. As described in the improvement proposal, this change in behavior 
provides better alignment between enforceable security boundaries and 
configurable access policies.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
