Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Apache NIFI Authentication LDAP

Labels:
avatar
author-rank Ripul
Frequent Visitor

Created ‎05-29-2025 06:54 PM

Hi All, I am new to Apache NIFI ,I did the setup on AWS ECS using latest NIFI image and with LDAP authentication.

Everything is fine, but when Admin or any other user logs in, then all of the control sections are hidden (processor, input port, output port, funnel).

Not sure where I am doing wrong. Pleaes assist me

408 Views
0 Kudos
2 REPLIES 2

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎05-29-2025 10:38 PM

@Ripul, Welcome to our community! To help you get the best possible answer, I have tagged in our NiFi experts  @hegdemahendra @MattWho, who may be able to assist you further.

Please feel free to provide any additional information or details about your query. We hope that you will find a satisfactory solution to your question.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
389 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created on ‎05-30-2025 06:05 AM - edited ‎05-30-2025 06:06 AM

@Ripul 

Welcome to the Cloudera Community!

Sharing a screenshot would be helpful here, but I am assume what you are seeing is something like this when you login with your admin user or other users:

MattWho_0-1748608088680.png

This is because of an authorization issue. When NiFi is started for the first time it does not have a flow.josn.gz file yet which contains everything you see on the NiFi canvas.   So NiFi will generate that flow.josn.gz which will consist of just a root process group.

MattWho_1-1748608361076.png

You'll notice on the cavas the above "Operation" panel.  It  will show the current selected component on the canvas.  With nothing selected on the canvas, it will show details for whichever NiFi Process Group you are currently displaying.  Since this is a new install, what the Operation panel is showing is this generated root process group.  Anytime you see the name as just the UUID for a component, it indicates the currently authenticated user is not authorized to view that component.  A greyed out "gear" (configuration) icon indicates user is not authorized to modify the component.  A greyed out "key" (Access Policies) icon indicates currently authenticated user is not authorized to view and maybe modify policies (authorizations) in that component.

NiFi provides very granular authorization control all the way down to the individual component level.  This may sound like a lot to need to manage; however, there is policy inheritance in place.  Example:  You add a processor to the canvas. If not explicit policy is defined on the processor itself it will inherit policy from the process group it is inside.  If there is no policy defined on the process group, it will inherit  policy from parent process group.  At the very top level is the above mentioned parent process group.  So setting policies on the parent process group will control access on everything added to cavas until ab explicit access policy is set on a sub component.

There are also global policies that can be setup and your "admin" user should have been setup on a number of these.

MattWho_2-1748609139460.png

From the above global menu found in upper right corner you should see that "Policies" is not greyed out for your admin user.  Within global  "Policies", all users need to be granted "view the user interface" in order to access the user interface, so it sounds like you have already done this for other users.  Your "admin" user should also have "access all policies" (view and modify) which allows that user to view and modify access policies (authorizations) on every component anywhere on the canvas.   This policy is what makes the "key" icon not greyed out on the "Operation" panel mentioned earlier.


So to give select users (including your admin user) the ability to add components to the root process group, your admin user will need to select the key icon on the root process group and grant those users:

MattWho_3-1748609607672.png

Once your admin user and other users are properly authorized to "view the component", the Operate panel will show the process group name instead of just the process group assigned UUID.

MattWho_4-1748609919563.png

The gear icon will not be greyed out once your admin user and other users have "modify the component".    "Modify the component" on a process group will also allow added users to see the component adding icon a the top of the UI.

MattWho_5-1748610211303.png

I am not going to cover all the NiFi Policies, but they can be found in the NiFi Administration guide under Configuring Users & Access Policies

 

Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

371 Views
0 Kudos
Announcements
Community Announcements
August 2025 Community Highlights
Community Announcements
July 2025 Community Highlights
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
Join Us at CommunityOverCode Asia 2025: Exploring the Future...
What's New @ Cloudera
Announcing Cloudera Surveyor with Cloudera Streams Messaging...
View More Announcements