We are using NiFi (deployed by Ambari), with users authenticated by LDAP (FreeIPA), and authorisations by Ranger policies. Some of our policies include resource wildcards (e.g. /process-groups/*). As a result NiFi logs include
Resources [...] include a wildcard value. Skipping policy for viewing purposes. Will still be used for access decisions.
What does "Skipping policy for viewing purposes" mean?
Is it viewing of the policy itself, or viewing of resource(s)? We are able to view the policies in Ranger Admin.
Where would the thing be viewed? We are able to view the resources in the NiFi canvas.
NiFi actually downloads the policy definitions from Ranger and all authorizations are done based on the last downloaded set of policies (NiFi runs a background thread to check for updated policy definitions from Ranger). NiFi does not send a request to verify authorization to Ranger itself.