Created 10-25-2016 02:47 PM
Hi all,
In the WEB UI NFI, I can find where modifie the policies to have permission to list/empty queue
thanks for help.
Created on 10-25-2016 03:04 PM - edited 08-18-2019 06:07 AM
In order to list a queue you need the "view the data" policy.
in order to empty a queue you need the "modify the data" policy.
If you are working with a NiFi cluster, all your nodes in the cluster will also need to be granted these policies as well.
Click on the key in the "operate" window to the left of the Canvas:
Then select the two policies listed above (Click override if you want to create a new policy and not edit the parent policy that is inherited). Add the Cluster node users and any other users you want to have those abilities.
Thanks,
Matt
Created 10-26-2016 12:56 PM
@mclark : I've only this message
2016-10-26 14:53:13,685 INFO [NiFi Web Server-8190] o.a.n.w.a.c.AccessDeniedExceptionMapper user2@domain.net does not have permission to access the requested resource. Returning Forbidden response. 2016-10-26 14:53:13,733 INFO [NiFi Web Server-8202] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<user2@domain.net><CN=nifi011, OU=NIFI><CN=nifi012, OU=NIFI>) POST https://nifi011:80/nifi-api/flowfile-queues/f7135017-0157-1000-0000-000041926053/drop-requests (source ip: 10.234.217.16) 2016-10-26 14:53:13,733 INFO [NiFi Web Server-8202] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for user2@domain.net
Created 10-26-2016 02:17 PM
Is user2@domain.net part of your "Admin NiFi" user group?
Did you grant "Admin Group" the "modify the data" policy?
You can set DEBUG in you logback.xml file for the following line to get more output in your nifi-users.log:
<logger name="org.apache.nifi.web.api.config" level="INFO" additivity="false">
No nifi restarts are needed for any changes to the logback.xml file to take affect.
Matt
Created 11-29-2016 06:37 AM
Following what Bryan Bende mentioned (in the case of a cluster),
You need to make sure all cluster nodes are a part of the policy. In my case, I created a new Group 'Cluster' and added all the nodes in this group. Then I went ahead and added this Group to a processor group (added this group for pilicies: view the data and modify the data)