Page properties | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
As part of this work the REST APIs will be refactored to better align with the resources being authorized and to address confusion over the allowed content types. By mirroring the authorization resources with our REST resources we can better scale as new features and ideas are added. Taking a super granular approach to authorization could still yield a cumbersome experience for the user so we've tried to design the API and resources to best accommodate that.
Resource /flow
/flow**
/flow/about
/flow/banner
/flow/search-results**
/flow/component-listing**
/flow/status
/flow/process-groups/{id}/status
/flow/processors/{id}/status
/flow/input-ports/{id}/status
/flow/output-ports/{id}/status
/flow/remote-process-groups/{id}/status
/flow/bulletin-board**
/flow/cluster/search-results
The flow resource is the only resource that would need to be authorized for a user to load the UI.
...
Explicit access to system diagnostics.
Resource /controller /controller/bulletins
/controller/config
/controller/reporting-tasks**
/controller/cluster
/controller/cluster/search-results
/controller/cluster/nodes/{id}
This approach implies that if a user has READ/WRITE to /controller then they can READ/WRITE the controller configuration and the cluster. Additionally, controller level bulletins are comprised of bulletins from reporting tasks and cluster events.
...
Access to the reporting task will be handled by the controller if none are explicitly defined.
Resource /process-groups/{id} /process-groups/{id}
/process-groups/{id}/bulletins**
/process-groups/{id}/controller-services**
/process-groups/{id}/processors**
/process-groups/{id}/process-groups**
/process-groups/{id}/remote-process-groups**
/process-groups/{id}/connections**
/process-groups/{id}/input-ports**
/process-groups/{id}/output-ports**
/process-groups/{id}/funnels**
/process-groups/{id}/labels**
/process-groups/{id}/snippets
/process-groups/{id}/snippets/{id}
/process-groups/{id}/snippet-instance
/process-groups/{id}/templates**
/process-groups/{id}/template-instance
...
/controller-services/{id}/controller-services/{id}/bulletins
Access to the controller service will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /input-ports/{id} /input-ports/{id}
/input-ports/{id}/bulletins
Access to the input port will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /output-ports/{id}/input-ports/{id}
/input-ports/{id}/bulletins
Access to the output port will be handled by the closest ancestor process group with access policies if none are explicitly defined.
...
Access to the output port will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /processors/{id} /processors/{id}
/processors/{id}/bulletins
Access to the processor will be handled by the closest ancestor process group with access policies if none are explicitly defined.
Resource /remote-process-groups/{id} /remote-process-groups/{id}
/remote-process-groups/{id}/bulletins
/remote-process-groups/{id}/input-ports/{id}
/remote-process-groups/{id}/output-ports/{id}
...