nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Bende <bbe...@gmail.com>
Subject Re: NiFi Registry policies
Date Wed, 06 Jan 2021 14:29:42 GMT
This is expected behavior...

Saving or pulling the flow is happening on behalf of the end user in
nifi which is being proxied by the nifi server over to registry. In
this case, the nifi server only needs proxy permissions.

Checking the status of all the versioned PGs happens in the background
as the nifi server itself, so it needs read access to all buckets.

On Wed, Jan 6, 2021 at 9:22 AM Mark Bean <mark.o.bean@gmail.com> wrote:
>
> I created a new bucket in NiFi Registry without making it publicly visible.
> Then, I added myself to the policies on the bucket with Read, Write and
> Delete permissions; I did not add the Apache NiFi server to the policies.
>
> In Apache NiFi, I added a flow to the Registry. I could also pull this flow
> from the Registry duplicating the process group in the flow.
>
> The status of the version controlled process group indicates "?" (sync
> failure). In the nifi-registry-app.log, I see a corresponding INFO message
> indicating the Apache NiFi server "does not have permission to access the
> requested resource" where the resource is the bucket mentioned above. I
> expect this since I have not yet added the NiFi server to the policies for
> the bucket.
>
> Is this expected behavior?
>
> I would expect that the flow could not be created in the bucket nor pulled
> from the bucket until the NiFi server is added to the policies for the
> bucket. Yet, I was able to perform both operations.
>
> NiFi Registry, 0.8.0
> Apache NiFi 1.11.4
>
> Thanks,
> Mark

Mime
View raw message