*** This topic applies to HDF 2.0 and NiFI 1.0 versions only. Does not apply to HDF 1.x and NiFi 0.x versions.
There are multiple permissions which need to be in place in order to perform Provenance queries and view the data returned by those queries.
1. Users who want to perform Provenance queries will need to have permission granted to the "query provenance" policy. Select "Policies" from the Hamburger menu in the upper right corner of NiFi UI:
2. In order to view the results (the data) returned by the provenance query, both the users and systems/servers in the NiFi cluster will need to have "view data" permissions to the components the query results are returned against. Policies are assigned at the component level by selecting a component and applying a policies as illustrated below:
*** What is important to note here is that both users and servers in this NiFi cluster need "view the data" permissions or no query results will be displayed to the UI.
In the above example i applied my policies to the root process group (Top level of canvas). Any components (Processors, process groups, etc...) created on this top layer will inherit these policies unless overwritten explicitly by their own policies. You can restrict what data users and systems can display down to the component/sub-component level if desired.