Support Questions

@Zifo1 

Welcome to the community....

The Single User Authorizer is not a full featured authorization provider. It was only added to Apache NiFi so that out-of-the-box NiFi would be able to start securely easily for evaluation purposes.  It does not provide a mechanism for creating additional authorizations for other identities such as other NiFi instances.

In order to support authorizing additional user/client identities against various NiFi policies, you'll need to switch to using a production ready authorizer like the "managed-authorizer".
A typical example configuration would look like this:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#file-based-kerberos-authentica...

This setup uses the File-user-group-provider and file-access-policy-provider with the managed -authorizer.

Now you could configure your single user provider identity as the "Initial User Identity 1" in the file-user-group-provider and as the "initial admin identity" in the file-access-policy-provider.  This would setup the needed admin policies for this user identity you need.  

Note: Keep in mind that these providers will only generate the authorizations.xml and users.xml files the first time NiFi is started with this configuration. So if you set the above initial user and initial admin identities wrong, you'll need to fix config, delete these two files and start NiFi again so they are created again.

Above does nothing with authentication since you are still using the single user authentication.  With this default authentication provider you can only authenticate with the single user identity or using a clientAuth certificates (which may also be challenging with default truststore your out-of the-box NiFi uses).   Authentication via a mutualTLS exchange is how Nifi node to node communications work and NiFi site-to-Site.  In order for mutual TLS exchange to be successful there must be mutual trust of the certificate exchanged.  So if one NiFi's certificate is not trusted by the other NiFi's truststore, authentication will not be possible.  So you may need to add additional trustedCertEntries (public certs) to both your NiFi's truststores before you'll be able to successfully negotiate the MutualTLS exchange/handshake.

All the available authentication providers offered are documented here:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication

Aside from the single-user authentication provider, all other providers rely on some external source.  Apache NiFi does not offer a multi-user local authentication provider.

I know this is a lot of info thus far, but should provide you the path to a slightly more production ready NiFi that will open up the ability to use additional features not available with the out-of-the-box setup.

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

@Zifo1 

Have you been able to resolved your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.