Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

NIFI - policies for Connection

Labels:
avatar
author-rank maykiwogno
Rising Star

Created ‎10-25-2016 02:47 PM

Hi all,

In the WEB UI NFI, I can find where modifie the policies to have permission to list/empty queue

thanks for help.

6,966 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created on ‎10-25-2016 03:04 PM - edited ‎08-18-2019 06:07 AM

@mayki wogno

In order to list a queue you need the "view the data" policy.

in order to empty a queue you need the "modify the data" policy.

If you are working with a NiFi cluster, all your nodes in the cluster will also need to be granted these policies as well.

Click on the key in the "operate" window to the left of the Canvas:

8872-screen-shot-2016-10-25-at-110236-am.png

Then select the two policies listed above (Click override if you want to create a new policy and not edit the parent policy that is inherited). Add the Cluster node users and any other users you want to have those abilities.

Thanks,

Matt

View solution in original post

6,046 Views
12 REPLIES 12

avatar
author-rank maykiwogno
Rising Star

Created ‎10-26-2016 12:56 PM

@mclark : I've only this message

2016-10-26 14:53:13,685 INFO [NiFi Web Server-8190] o.a.n.w.a.c.AccessDeniedExceptionMapper user2@domain.net does not have permission to access the requested resource. Returning Forbidden response.
2016-10-26 14:53:13,733 INFO [NiFi Web Server-8202] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<user2@domain.net><CN=nifi011, OU=NIFI><CN=nifi012, OU=NIFI>) POST https://nifi011:80/nifi-api/flowfile-queues/f7135017-0157-1000-0000-000041926053/drop-requests (source ip: 10.234.217.16)
2016-10-26 14:53:13,733 INFO [NiFi Web Server-8202] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for user2@domain.net
3,160 Views
0 Kudos

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎10-26-2016 02:17 PM

Is user2@domain.net part of your "Admin NiFi" user group?

Did you grant "Admin Group" the "modify the data" policy?

You can set DEBUG in you logback.xml file for the following line to get more output in your nifi-users.log:

<logger name="org.apache.nifi.web.api.config" level="INFO" additivity="false">

No nifi restarts are needed for any changes to the logback.xml file to take affect.

Matt

2,477 Views
0 Kudos

avatar
author-rank obaid_salikeen
Expert Contributor

Created ‎11-29-2016 06:37 AM

Following what Bryan Bende mentioned (in the case of a cluster),

You need to make sure all cluster nodes are a part of the policy. In my case, I created a new Group 'Cluster' and added all the nodes in this group. Then I went ahead and added this Group to a processor group (added this group for pilicies: view the data and modify the data)

2,477 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements