I have deployed Nifi cluster and enabled Nifi-Ranger plugin. Using client certficate I am able to login to Nifi UI but when I login with AD credentials, I get authorization issues. In the Ranger audit section I see the nifi plugin sync happening. But authorizaton goes unsuccessful.
So on debugging I found that the json file where the policies are updated locally is empty with a file size 0kb. I tried re-enabling the plugin but no luck and also moving the empty json file and re-enabling the plugin, the file gets re-created but the sync does not happen. I also checked the permissions, which were "nifi:nifi" so changed it to "nifi:hadoop" but no luck.
Is this a bug or I am missing something? I see other plugins in HDP cluster working perfectly, this is the case I am seeing in HDF-Ranger.
And yeah All logs are clean.
Any help is appreciated.
Yes @Bryan Bende I have created user policies. But even if no policy is created, my understanding is the json file should not be empty, it should be filled up with atleast some attributes? but in this case it is empty, 0kb file.
Also I have followed this document while setting up policies for node-identities, and have setup additional user policies.
Is the json file you are looking at in /tmp/ ? You are correct that it should not be empty.
Also, do you see any errors in nifi-app.log or in ranger_admin.log when the sync is happening?
Also, is Ranger secured in any way? Kerberos or SSL?