Github user markobean commented on a diff in the pull request: https://github.com/apache/nifi/pull/2703#discussion_r191053294 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java --- @@ -1359,7 +1363,12 @@ public ProvenanceEventDTO getProvenanceEvent(final Long eventId) { } else { dataAuthorizable = flowController.createLocalDataAuthorizable(event.getComponentId()); } - dataAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser(), attributes); + // If not authorized for 'view the data', create only summarized provenance event --- End diff -- The summarized event does seem to exclude other details that do not fall under 'view the data' (i.e. attributes and content.) For example, event duration and parent/child UUIDs. It seems either more event details besides lineageStartDate need to be moved out of the "if (!summarized)" block, or... what else would you suggest? A new method to generate the ProvenanceEventDTO which explicitly excludes all attributes and content?
---