Support Questions

Find answers, ask questions, and share your expertise

Data Provenance doesn't show in cluster mode?

avatar
Explorer

I have a nifi cluster with login and authorization enabled. The problem is I couldnt search for provenance as admin, I'm sure I have "query provenance" policy and "view the data" permission for Nifi Flow. What else need to be done to enable provenance search?

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Dung Nguyen

*** This topic applies to HDF 2.0 and NiFI 1.0 versions only. Does not apply to HDF 1.x and NiFi 0.x versions.

There are multiple permissions which need to be in place in order to perform Provenance queries and view the data returned by those queries.

1. Users who want to perform Provenance queries will need to have permission granted to the "query provenance" policy. Select "Policies" from the Hamburger menu in the upper right corner of NiFi UI:

7583-screen-shot-2016-09-13-at-91215-am.png

2. In order to view the results (the data) returned by the provenance query, both the users and systems/servers in the NiFi cluster will need to have "view data" permissions to the components the query results are returned against. Policies are assigned at the component level by selecting a component and applying a policies as illustrated below:

7584-screen-shot-2016-09-13-at-92942-am.png

*** What is important to note here is that both users and servers in this NiFi cluster need "view the data" permissions or no query results will be displayed to the UI.

In the above example i applied my policies to the root process group (Top level of canvas). Any components (Processors, process groups, etc...) created on this top layer will inherit these policies unless overwritten explicitly by their own policies. You can restrict what data users and systems can display down to the component/sub-component level if desired.

Thanks,

Matt

View solution in original post

2 REPLIES 2

avatar
Master Mentor

@Dung Nguyen

*** This topic applies to HDF 2.0 and NiFI 1.0 versions only. Does not apply to HDF 1.x and NiFi 0.x versions.

There are multiple permissions which need to be in place in order to perform Provenance queries and view the data returned by those queries.

1. Users who want to perform Provenance queries will need to have permission granted to the "query provenance" policy. Select "Policies" from the Hamburger menu in the upper right corner of NiFi UI:

7583-screen-shot-2016-09-13-at-91215-am.png

2. In order to view the results (the data) returned by the provenance query, both the users and systems/servers in the NiFi cluster will need to have "view data" permissions to the components the query results are returned against. Policies are assigned at the component level by selecting a component and applying a policies as illustrated below:

7584-screen-shot-2016-09-13-at-92942-am.png

*** What is important to note here is that both users and servers in this NiFi cluster need "view the data" permissions or no query results will be displayed to the UI.

In the above example i applied my policies to the root process group (Top level of canvas). Any components (Processors, process groups, etc...) created on this top layer will inherit these policies unless overwritten explicitly by their own policies. You can restrict what data users and systems can display down to the component/sub-component level if desired.

Thanks,

Matt

avatar
Explorer
Thank you! What I missed here is to grant permission "view the data" of nifi flow to nodes in cluster.