[ https://issues.apache.org/jira/browse/NIFI-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951295#comment-15951295 ]
Matt Gilman commented on NIFI-2940:
-----------------------------------

[~aldrin] It's really an implementation detail. When unsecured, the anonymous user will have full permissions. The checks still execute, however they are just always approved. Because we are doing resource-based authorization, if the resource is missing, there is nothing we can check against. I think the proposed solution addresses both issues and is consistent with other permissions for purging history. We would grant access to the history for a component if the user has read to that component or if the user has read to the Controller.

> Unable to view deleted components in unsecured instance Flow Configuration History
> ----------------------------------------------------------------------------------
>
>                 Key: NIFI-2940
>                 URL: https://issues.apache.org/jira/browse/NIFI-2940
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Aldrin Piri
>            Priority: Minor
>
> I have an unsecured instance of NiFi running a fairly standard flow.
> Upon deleting a connection I had wanted to see what relationships were
> attached to it, and viewed the Flow Configuration History. In that listing,
> while I could see that there was an event that took place, all of the details
> were listed as unauthorized.
> I additionally tested with other components (processors, funnels, etc) and
> noted similar results.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
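The rule proposed in the comment above, as an added Python model (not NiFi's code and not part of the original message): it contrasts the reported symptom, where a deleted component leaves no resource to authorize against, with the "read on the component or read on the Controller" fallback. The class and function names, the `/controller` identifier, and the sample users and components are assumptions constructed for this sketch.

```python
from dataclasses import dataclass, field

CONTROLLER = "/controller"  # constructed resource id standing in for the Controller


@dataclass
class Authorizer:
    """Toy resource-based authorizer: maps resource id -> users holding read."""
    secured: bool
    read_policies: dict = field(default_factory=dict)

    def can_read(self, user, resource):
        if not self.secured:
            return True  # unsecured: the check still executes, always approved
        return user in self.read_policies.get(resource, set())


def visible_reported(authz, user, component, live):
    """Modelled symptom: a deleted component leaves no resource to check."""
    if component not in live:
        return False  # details shown as unauthorized, even when unsecured
    return authz.can_read(user, component)


def visible_proposed(authz, user, component, live):
    """Proposed rule: read on the component OR read on the Controller."""
    if component in live and authz.can_read(user, component):
        return True
    return authz.can_read(user, CONTROLLER)


# Constructed sample state: one live processor, one deleted connection.
LIVE = {"processor-1"}
UNSECURED = Authorizer(secured=False)
SECURED = Authorizer(secured=True, read_policies={
    "processor-1": {"alice"},   # component-level read only
    CONTROLLER: {"bob"},        # Controller-level read only
})

if __name__ == "__main__":
    for name, authz, user in [("unsecured", UNSECURED, "anonymous"),
                              ("secured", SECURED, "alice"),
                              ("secured", SECURED, "bob")]:
        for comp in ("processor-1", "connection-9"):
            print(name, user, comp,
                  visible_reported(authz, user, comp, LIVE),
                  visible_proposed(authz, user, comp, LIVE))
```

In the secured case the fallback does not widen access for a user who only held read on the deleted component: once the resource is gone, only Controller-level read reveals its history.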