Support Questions

Find answers, ask questions, and share your expertise

NIFI Access & Policies

avatar
Rising Star

I have Nifi setup using HTTPS, I have created the certs, and I have added my cert to the authorizers file within the <property name="Initial Admin Identity"></property> tags. I can access NIFI just fine and I can get to the Users and Policies areas via the top-right Global Menu and I have successfully added other users who all can access Nifi as well.

However, I must have something wrong as no one (including myself) has the ability to edit the canvas. Per the HDF docs, section 6.3.3 Access Policy Configs, everyone looks like "User 2" with the component toolbar inactive.

Further, to add to my confusion, I can access policies by clicking the top-right Global Menu and going to Policies, but per section 6.3.3.2 Creating Users and Groups, I cannot click on the Access Policies icon (a key) - or I can actually click on it, but nothing happens.

Can anyone offer insights as to what I may have wrong?

Any assistance is very much appreciated.

1 ACCEPTED SOLUTION

avatar
Master Mentor

@marksf

The access policies granted via the global access policies found in the upper right hand corner of the UI are used for NiFi controller level policies. What you need to add are component level access policies that will grant users the ability to interface with the canvas in the from of adding, modifying, and removing components.

This is done through the "Operate" panel found on the left hand side of the canvas:

12573-screen-shot-2017-02-02-at-112254-am.png

Select the key icon to open the access policies for the selected component. In the screenshot above the root canvas "NiFi Flow process group" is selected. Access policies applied to a process group are inherited by by all sub-process groups and components by default.

IN order for users to be able to add/modify/remove components, they must be granted the "view the component" and "modify the component" access policies.

Thanks,

Matt

View solution in original post

5 REPLIES 5

avatar
Master Guru

You need to grant your users Read/Write access to the root process group (i.e. the top level canvas). You do this from the context palette on the left, using the the little policy icon.

avatar
Master Mentor

@marksf

The access policies granted via the global access policies found in the upper right hand corner of the UI are used for NiFi controller level policies. What you need to add are component level access policies that will grant users the ability to interface with the canvas in the from of adding, modifying, and removing components.

This is done through the "Operate" panel found on the left hand side of the canvas:

12573-screen-shot-2017-02-02-at-112254-am.png

Select the key icon to open the access policies for the selected component. In the screenshot above the root canvas "NiFi Flow process group" is selected. Access policies applied to a process group are inherited by by all sub-process groups and components by default.

IN order for users to be able to add/modify/remove components, they must be granted the "view the component" and "modify the component" access policies.

Thanks,

Matt

avatar
Rising Star

Thank you! Much has changed since version 0.6.1.

avatar
Rising Star

Ok, you are referencing the access icon in the below screenshot, correct? I just need to ensure I am at the root level, not inside a processor.

12574-rootprocessorgroup.png

Thank you!

avatar
Master Mentor
@marksf

Correct, the "key" icon will allow you to apply component level access policies to your process group with id "863928d5-12e7-...."

Once "view the component" is granted the ID will be replaced with the actual process group name. "Modify the component" will allow the user to also add, modify and delete components within that process group.

Thanks,

Matt