You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/12/08 20:58:00 UTC

[jira] [Commented] (NIFI-7884) Separate "read-filesystem" restricted permission into local file system and HDFS file system permissions

    [ https://issues.apache.org/jira/browse/NIFI-7884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17246142#comment-17246142 ] 

ASF subversion and git services commented on NIFI-7884:
-------------------------------------------------------

Commit cfbcecc4c6ceae805bf26588a4c587d4ca37763a in nifi's branch refs/heads/main from exceptionfactory
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=cfbcecc ]

NIFI-7884 Added and applied Distributed File System permissions (#4713)



> Separate "read-filesystem" restricted permission into local file system and HDFS file system permissions
> --------------------------------------------------------------------------------------------------------
>
>                 Key: NIFI-7884
>                 URL: https://issues.apache.org/jira/browse/NIFI-7884
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework, Extensions
>    Affects Versions: 1.12.1
>            Reporter: Andy LoPresto
>            Assignee: David Handermann
>            Priority: Major
>              Labels: file-system, hdfs, restricted, security
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently the {{read-filesystem}} value for {{RequiredPermission}} is used for both the processors which read directly from the local file system of the machine hosting NiFi ({{GetFile}}, {{ListFile}}, etc.) and the processors which read from external file systems like HDFS ({{GetHDFS}}, {{PutHDFS}}, etc.). There are use cases where NiFi users should be able to interact with the HDFS file system without having permissions to access the local file system. 
> This will also require introducing a global setting in {{nifi.properties}} that an admin can set to allow local file system access via the HDFS processors (default {{true}} for backward compatibility), and additional validation logic in the HDFS processors (ideally the abstract shared logic) to ensure that if this setting is disabled, the HDFS processors are not accessing the local file system via the {{file:///}} protocol in their configuration. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)