[
https://issues.apache.org/jira/browse/NIFI-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15951295#comment-15951295
]
Matt Gilman commented on NIFI-2940:
-----------------------------------
[~aldrin] It's really an implementation detail. When unsecured, the anonymous
user will have full permissions. The checks still execute, however they are
just always approved. Because we are doing resource-based authorization, if the
resource is missing, there is nothing we can check against. I think the
proposed solution addresses both issues and is consistent with other
permissions for purging history. We would grant access to the history for a
component if the user has read to that component or if the user has read to the
Controller.
> Unable to view deleted components in unsecured instance Flow Configuration
> HIstory
> ----------------------------------------------------------------------------------
>
> Key: NIFI-2940
> URL: https://issues.apache.org/jira/browse/NIFI-2940
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Aldrin Piri
> Priority: Minor
>
> I have an unsecured instance of NiFi running a fairly standard flow.
> Upon deleting a connection I had wanted to see what relationships were
> attached to it, and viewed the Flow Configuration History. In that listing,
> while I could see that there was an event that took place, all of the details
> were listed as unauthorized.
> I additionally tested with other components (processors, funnels, etc) and
> noted similar results.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
