...
As part of this work the REST APIs will be refactored to better align with the resources being authorized and to address confusion over the allowed content types. By mirroring the authorization resources with our REST resources we can better scale as new features and ideas are added. Taking a super granular approach to authorization could still yield a cumbersome experience for the user so we've tried to design the API and resources to best accommodate that.
Resource /flow
/flow**
/flow/about
/flow/banner
/flow/search-results**
/flow/component-listing**
/flow/status
/flow/process-groups/{id}/status
/flow/processors/{id}/status
/flow/input-ports/{id}/status
/flow/output-ports/{id}/status
/flow/remote-process-groups/{id}/status
/flow/bulletin-board**
/flow/cluster/search-results
The flow resource is the only resource that would need to be authorized for a user to load the UI.
...
Resource /controller
/controller/bulletins
/controller/config
/controller/reporting-tasks**
/controller/cluster
/controller/cluster/search-results
/controller/cluster/nodes/{id}
...
/process-groups/{id}
/process-groups/{id}/bulletins**
/process-groups/{id}/controller-services**
/process-groups/{id}/processors**
/process-groups/{id}/process-groups**
/process-groups/{id}/remote-process-groups**
/process-groups/{id}/connections**
/process-groups/{id}/input-ports**
/process-groups/{id}/output-ports**
/process-groups/{id}/funnels**
/process-groups/{id}/labels**
/process-groups/{id}/snippets
/process-groups/{id}/snippets/{id}
/process-groups/{id}/snippet-instance
/process-groups/{id}/templates**
/process-groups/{id}/template-instance
...
/controller-services/{id}/controller-services/{id}/bulletins
Access to the controller service will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /input-ports/{id} /input-ports/{id}
/input-ports/{id}/bulletins
Access to the input port will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /output-ports/{id}
/input-ports/{id}/input-ports/{id}/bulletins
Access to the output port will be handled by the closest ancestor process group with access policies if none are explicitly defined.
...
Resource /processors/{id}
/processors/{id}/processors/{id}/bulletins
Access to the processor will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /remote-process-groups /{id}/remote-process-groups/{id}
/remote-process-groups/{id}/bulletins
/remote-process-groups/{id}/input-ports/{id}
/remote-process-groups/{id}/output-ports/{id}
...