@Sunile ManjeeA "user" in NiFi is nothing more then an entity (user or server) that needs to have some level of authorization granted to it. In a NiFi cluster, end users can log in to the NiFi Cluster UI via any one of the connected nodes in the cluster. In a NiFi cluster you will have one node that is elected as the cluster coordinator. The cluster coordinator is responsible for replicating requests to all the node in the cluster.
Lets assume you have a 3 node cluster:
Node A
Node B (cluster coordinator)
Node C
If you are logged in to the UI for Node B, only Node B would need to be authorized to "proxy user requests" so that the changes the user makes in the UI can be proxied to all the nodes.
If you are logged in to the UI for Node A, both Node A and Node B would need to be authorized to "proxy user requests". This is because Node A would first need to proxy the users request to the current cluster coordinator (Node B here) and the Node B would proxy that users request to all nodes.
If you are logged into the UI for Node C, the behavior would be the same as explained above for Node A.
Since the Node that is elected the cluster coordinator can change over time, it is very important that all Nodes in your NiFi cluster are authorized to "proxy user requests".
The Nodes will also need to be authorized against other "Access policies" in NIFi in order to perform specific functions.
These policies may include "view the data" and/or "modify the data".
Nodes will need "view the data" in a Nifi cluster in order to select "list queue" on a connection. Since the current node's UI from which the user is logged in to is displaying the data from all nodes.
Nodes will need "modify the data" in order to "Empty Queue" since the node will be removing content displayed from all nodes in the cluster.
Thanks,
Matt
