Support Questions

Find answers, ask questions, and share your expertise

Nifi unable to list/empty queue.

avatar
Contributor

Hello 

we have secured Nifi cluster with 3 nodes. When we click to list or empty queue on connection, there is error message

 

Node is unable to fulfill this request due to: Unable to view the data for Processor with ID 904e5254-8129-32ce-967e-03876fc61926. Contact the system administrator. Returning Forbidden response

 

We grant user policy to view and modify data, but no success. Admin user got the same error.message

 

Regards

 

Kamil

 

3 ACCEPTED SOLUTIONS

avatar
Expert Contributor

You need to assign "modify the data" and "view the data" access policies. Also you need to grant the same policy to all your NiFi nodes as well. Please refer the below article for more details:

 

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policie...

View solution in original post

avatar
Contributor

Hi Daydav1

 

thank you for quick reply. 

I granted policies on one node of cluster, but it looks same on all nodes now. I was thinking, that it is automatic distributed.

How could I grant policy to all my Nifi nodes?

Regards

Kamil

View solution in original post

avatar
Contributor

Policy is synced to all the nodes. You can check that in Ranger->Audit->Plugins.
If not, then you should check if you have access policy for node identities, 

View solution in original post

3 REPLIES 3

avatar
Expert Contributor

You need to assign "modify the data" and "view the data" access policies. Also you need to grant the same policy to all your NiFi nodes as well. Please refer the below article for more details:

 

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policie...

avatar
Contributor

Hi Daydav1

 

thank you for quick reply. 

I granted policies on one node of cluster, but it looks same on all nodes now. I was thinking, that it is automatic distributed.

How could I grant policy to all my Nifi nodes?

Regards

Kamil

avatar
Contributor

Policy is synced to all the nodes. You can check that in Ranger->Audit->Plugins.
If not, then you should check if you have access policy for node identities,