Support Questions

Find answers, ask questions, and share your expertise

NIFI 1.14: User policy is not showing on the GUI

New Contributor

Dears,

I install NIFI 1.14 with a secure cluster. When open NIFI GUI, the user access policy and Users list is missing. I try single mode but the result is the same. First screen my new NIFI 1.14 version.Second screen old NIFI 1.11. How to add policy and users on NIFI1.14?

 

NIFI  1.14  new versionNIFI 1.14 new versionNIFI 1.1 old versionNIFI 1.1 old version

2 REPLIES 2

New Contributor

Hi.
I hope you're okay.

how did you solve the problem?

I have the same problem and I don't know how solve it.

I have the latest nifi version, SSL, I did set Initial Admin and not worked.

Master Guru

@Bakho @tiagot 


NiFi 1.14.0 is the first Apache NiFi release that starts up secured by default:
https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.14.0

NOTE: when using the new Single-User-Provider, NiFi does not support setting new policies or adding additional users and groups via the UI.  The "single user" by default is authorized for what is needed to build dataflows.  So first make sure if you want to support multiple users, you configure your NiFi to use a different login provider or no login provider and use user/client certificates to authenticate via TLS.

If you have already done the above, my guess here is that NiFi was launched for the first time before your initial admin identity was added/set.

The NiFi authorizers.xml controls authorization of authenticated users.

The default setup utilizes the following providers:

    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1"></property>
    </userGroupProvider>

    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity"></property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
        <property name="Node Group"></property>
    </accessPolicyProvider>

    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>

The file-user-group-provider creates the users.xml file which holds your local created user and group associations (you would set your initial admin in the "Initial User Identity 1" property.
The file-access-policy-provider creates the authorizations.xml file and generates authorizations needed for the configured "Initial Admin Identity" property identity.

NiFi will only generate these files if they do NOT already exist.  If your NiFi was started before you set the properties I described above for both "Initial User Identity 1" and "Initial Admin Identity", the originally generated users.xml and authorizations.xml files would contain no users or authorizations.


I suggest verifying the configuration in your authorizers.xml file, removing the existing users.xml and authorizations.xml files, and then restart your NiFi. 


If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt