You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/12/08 16:31:00 UTC

[jira] [Commented] (NIFI-2695) Access Denied messages should include more information

    [ https://issues.apache.org/jira/browse/NIFI-2695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15732657#comment-15732657 ] 

ASF GitHub Bot commented on NIFI-2695:
--------------------------------------

GitHub user mcgilman opened a pull request:

    https://github.com/apache/nifi/pull/1309

    NIFI-2695: Provide more meaningful authorization error messages

    NIFI-2695:
    - Providing more granular and meaningful authorization error messages.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mcgilman/nifi NIFI-2695

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/1309.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1309
    
----
commit eed61568c305cac5c29a989cbcf538ec526a6411
Author: Matt Gilman <ma...@gmail.com>
Date:   2016-12-08T16:29:32Z

    NIFI-2695:
    - Providing more granular and meaningful authorization error messages.

----


> Access Denied messages should include more information
> ------------------------------------------------------
>
>                 Key: NIFI-2695
>                 URL: https://issues.apache.org/jira/browse/NIFI-2695
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Core UI
>            Reporter: Jeff Storck
>            Assignee: Matt Gilman
>            Priority: Minor
>             Fix For: 1.2.0
>
>
> Access Denied errors should provide more information than just the statement that access has been denied.  At a minimum, the component types (controller service, processor, process group, etc) and IDs for which access was denied should be provided in the message.
> For example, if the user is attempting to create a template that includes a child process group that has a controller service for which the user does not have read access, the request to create the template will be denied, and the user will be informed that it was denied.  While this is correct, the user (and perhaps the admin) does not have a clear indication of which component involved in the request caused the request to be denied.
> If the component types and IDs (ie "Process Group 123456789") are shown in the error message (and logs), the user (and admin) have direct information to use to solve any policy changes that might need to be made to allow the user's request to complete successfully.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)