[jira] [Commented] (NIFI-14391) Support Initial Admin Group Configuration in FileAccessPolicyProvider

Tue, 29 Apr 2025 06:33:49 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-14391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17948167#comment-17948167
 ] 

endzeit commented on NIFI-14391:
--------------------------------

Hey [~vyagh], I've seen you've assigned this issue to yourself. I had started 
working on this already, see the linked PR. Do you want to take over working on 
this?

> Support Initial Admin Group Configuration in FileAccessPolicyProvider
> ---------------------------------------------------------------------
>
>                 Key: NIFI-14391
>                 URL: https://issues.apache.org/jira/browse/NIFI-14391
>             Project: Apache NiFi
>          Issue Type: New Feature
>            Reporter: endzeit
>            Assignee: Shubham Sharma
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Currently, when configuring a NiFi cluster with OIDC authentication, the 
> FileAccessPolicyProvider requires specifying a single, statically defined 
> user for initial administrator permissions. This necessitates the use of a 
> dedicated service account or relies on a specific user's availability during 
> cluster setup.
> This issue proposes enhancing the FileAccessPolicyProvider to support the 
> configuration of an initial administrator group (e.g., 'dinos') instead of a 
> single user. This would leverage the group information provided by the 
> Identity Provider and streamline the initial rights management process, 
> eliminating the reliance on individual user accounts.
> Specifically, we suggest adding a configuration option, such as "Initial 
> Admin Group," to the FileAccessPolicyProvider. This would allow 
> administrators to specify a group that should be granted initial 
> administrative privileges upon cluster startup.
> This enhancement would improve the manageability of NiFi clusters in OIDC 
> environments by providing a more flexible and robust approach to initial 
> administrator rights assignment.
> See [discussion on 
> Slack|https://apachenifi.slack.com/archives/C0L9VCD47/p1742923692051819].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to