Support Questions

Find answers, ask questions, and share your expertise

NIFI - policies for Connection

avatar
Rising Star

Hi all,

In the WEB UI NFI, I can find where modifie the policies to have permission to list/empty queue

thanks for help.

1 ACCEPTED SOLUTION

avatar
Master Mentor
@mayki wogno

In order to list a queue you need the "view the data" policy.

in order to empty a queue you need the "modify the data" policy.

If you are working with a NiFi cluster, all your nodes in the cluster will also need to be granted these policies as well.

Click on the key in the "operate" window to the left of the Canvas:

8872-screen-shot-2016-10-25-at-110236-am.png

Then select the two policies listed above (Click override if you want to create a new policy and not edit the parent policy that is inherited). Add the Cluster node users and any other users you want to have those abilities.

Thanks,

Matt

View solution in original post

12 REPLIES 12

avatar
Rising Star

@mclark : I've only this message

2016-10-26 14:53:13,685 INFO [NiFi Web Server-8190] o.a.n.w.a.c.AccessDeniedExceptionMapper user2@domain.net does not have permission to access the requested resource. Returning Forbidden response.
2016-10-26 14:53:13,733 INFO [NiFi Web Server-8202] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<user2@domain.net><CN=nifi011, OU=NIFI><CN=nifi012, OU=NIFI>) POST https://nifi011:80/nifi-api/flowfile-queues/f7135017-0157-1000-0000-000041926053/drop-requests (source ip: 10.234.217.16)
2016-10-26 14:53:13,733 INFO [NiFi Web Server-8202] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for user2@domain.net

avatar
Master Mentor

Is user2@domain.net part of your "Admin NiFi" user group?

Did you grant "Admin Group" the "modify the data" policy?

You can set DEBUG in you logback.xml file for the following line to get more output in your nifi-users.log:

<logger name="org.apache.nifi.web.api.config" level="INFO" additivity="false">

No nifi restarts are needed for any changes to the logback.xml file to take affect.

Matt

avatar
Expert Contributor

Following what Bryan Bende mentioned (in the case of a cluster),

You need to make sure all cluster nodes are a part of the policy. In my case, I created a new Group 'Cluster' and added all the nodes in this group. Then I went ahead and added this Group to a processor group (added this group for pilicies: view the data and modify the data)