[
https://issues.apache.org/jira/browse/NIFI-15845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-15845:
------------------------------------
Status: Patch Available (was: In Progress)
> Remove Restricted Component Authorization from Framework
> --------------------------------------------------------
>
> Key: NIFI-15845
> URL: https://issues.apache.org/jira/browse/NIFI-15845
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Following the deprecation of the Restricted annotation released in NiFi API
> 2.8.0 and NiFi 2.9.0, the framework authorization handling should be updated
> to remove evaluation of Restricted status and Required Permissions.
> The initial set of changes should avoid modifying the structure of REST API
> requests and responses, instead returning {{false}} for restricted status and
> empty lists for required permissions where applicable. This approach
> maintains compatibility with existing frontend and REST API clients that may
> check for the presence of restricted status.
> The initial set of changes should be limited to framework components, leaving
> removal of the Restricted annotation to a subsequent issue for clarity of
> implementation.
> Removing Restricted component authorization retains all other authorization
> checks, requiring users to have applicable write access for Process Groups
> and components in order to make changes or add components. Following the
> removal, users will no longer be prevented from adding components based on
> Restricted status alone. As described in the improvement proposal, this
> change in behavior provides better alignment between enforceable security
> boundaries and configurable access policies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
