Posted to issues@nifi.apache.org by "Kevin Doran (JIRA)" <ji...@apache.org> on 2017/12/21 01:56:00 UTC

[jira] [Created] (NIFIREG-75) FileUserGroupProvider allows updating a group to contain unknown users

Kevin Doran created NIFIREG-75:
----------------------------------

             Summary: FileUserGroupProvider allows updating a group to contain unknown users
                 Key: NIFIREG-75
                 URL: https://issues.apache.org/jira/browse/NIFIREG-75
             Project: NiFi Registry
          Issue Type: Bug
            Reporter: Kevin Doran
            Assignee: Kevin Doran


In FileUserGroupProvider, when a new group is created, all the users in the group are checked to ensure they are known to the FileUserGroupProvider prior to creating the group.

However, when a group is updated, a similar check does not exist, allowing one to add invalid users to a group. This gets the server in a bad state with unexpected behavior surrounding authorization actions.

Note that this logic was ported from NiFi, so NiFi should probably be updated with the same fix after verifying this is the intended behavior (having the check on update).



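The create/update asymmetry described in this report, as an added example that is not NiFi Registry's FileUserGroupProvider code and not part of the original message. The class, its method names and the sample ids are hypothetical; it shows one shared membership check applied on both paths so that a rejected update leaves the stored group unchanged.

```java
import java.util.*;
// Hypothetical in-memory model; not NiFi Registry's FileUserGroupProvider code.
public class GroupStoreExample {
    private final Set<String> userIds = new HashSet<>();
    private final Map<String, Set<String>> groups = new HashMap<>();
    void addUser(String userId) { userIds.add(userId); }

    // Shared membership check: every member must be a known user.
    private void requireKnownUsers(Set<String> members) {
        Set<String> unknown = new TreeSet<>(members);
        unknown.removeAll(userIds);
        if (!unknown.isEmpty()) {
            throw new IllegalStateException("Unknown users in group: " + unknown);
        }
    }

    void addGroup(String groupId, Set<String> members) {
        requireKnownUsers(members);              // check present on create
        groups.put(groupId, new HashSet<>(members));
    }

    // Behaviour described in the report: update stores members unchecked.
    void updateGroupUnchecked(String groupId, Set<String> members) {
        if (!groups.containsKey(groupId)) throw new NoSuchElementException(groupId);
        groups.put(groupId, new HashSet<>(members));
    }

    // Update with the same check as create; state is untouched on failure.
    void updateGroupChecked(String groupId, Set<String> members) {
        if (!groups.containsKey(groupId)) throw new NoSuchElementException(groupId);
        requireKnownUsers(members);
        groups.put(groupId, new HashSet<>(members));
    }

    public static void main(String[] args) {
        GroupStoreExample store = new GroupStoreExample();
        store.addUser("u1");                     // constructed sample data
        store.addGroup("g1", Set.of("u1"));
        store.updateGroupUnchecked("g1", Set.of("u1", "ghost"));
        System.out.println("unchecked update stored: " + store.groups.get("g1"));
        store.updateGroupChecked("g1", Set.of("u1"));   // valid update succeeds
        try {
            store.updateGroupChecked("g1", Set.of("u1", "ghost"));
        } catch (IllegalStateException e) {
            System.out.println("checked update rejected: " + e.getMessage());
        }
        System.out.println("group after rejection: " + store.groups.get("g1"));
    }
}
```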