Remove user group from access policy

[ghost]

• Nipyapi version: 0.13.2 or 0.14.2

We are automating the user group addition to component level and global level. I could find the api for adding the user to component and global level both for view and modify.

I could not find any api to remove the user group from acess policy if at some point of time it is required.

Thanks Naveen

[Amorik]

As a workaround you can edit the policy and then use the update_access_policy function to apply the changes of the associated users/groups.

Group example:

mygroup = nipyapi.security.get_service_user_group('testgroup')

rp_flow = nipyapi.security.get_access_policy_for_resource(resource='/flow', action="read")
for group in rp_flow.component.user_groups:
    if group.component.id == mygroup.component.id:
        rp_flow.component.user_groups.remove(group)
nipyapi.security.update_access_policy(rp_flow)

User Example:

myuser = nipyapi.security.get_service_user('testuser')

rp_flow = nipyapi.security.get_access_policy_for_resource(resource='/flow', action="read")
for user in rp_flow.component.users:
    if user.id == myuser.id:
        rp_flow.component.users.remove(user)
nipyapi.security.update_access_policy(rp_flow)

Its best if you first get and print out the policy to see the contents before attempting to adjust any particular part of it. In this case rp_flow.component.user_groups and rp_flow.component.users are lists of nipyapi.nifi.models.tenant_entity.TenantEntity objects. Which we can then use to compare information with the retrieved nipyapi.nifi.models.user_group_entity.UserGroupEntity or nipyapi.nifi.models.user_group_entity.UserEntity removing items from the list accordingly.

Note: remove is a function of a python list object, not the nipyapi policy object.

---

The above was executed using the following versions:

• NiFi 1.11.0
• nipyapi 0.14.3
• Python 3.6.8

[Chaffelson]

This is an opportunity for an enhancement to make this a bit easier, thanks for the sample code @Amorik