Support Questions

Find answers, ask questions, and share your expertise

No show Users and Policies in Global Menu

avatar
New Contributor

Hi..

I don't see the Users and Policies items in the Global Menu

Google Chrome ver99

Apache NiFi 1.15.3

 

AndreDre1_1-1647966818005.png

 

1 ACCEPTED SOLUTION

avatar
Super Guru

Hi @AndreDre1 ,

 

You probably have a default NiFi configuration, which uses the single-user-authorizer. This authorizer doesn't have a Users menu in the UI. To see the Users menu you need to switch to another authorizer.

 

For example, if you have a brand new installation of NiFi with the default configuration, follow the steps below:

 

  1. Edit the conf/nifi.properties file and update the following property:
    nifi.security.user.authorizer=managed-authorizer
  2. Add the name of your initial admin in the following two places in conf/authorizers.xml:
    ...
    <userGroupProvider>
      <identifier>file-user-group-provider</identifier>
      <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
      <property name="Users File">./conf/users.xml</property>
      <property name="Legacy Authorized Users File"></property>
      <property name="Initial User Identity 1">ADMIN_USERNAME_HERE</property>
    </userGroupProvider>
    ...
    <accessPolicyProvider>
      <identifier>file-access-policy-provider</identifier>
      <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
      <property name="User Group Provider">file-user-group-provider</property>
      <property name="Authorizations File">./conf/authorizations.xml</property>
      <property name="Initial Admin Identity">ADMIN_USERNAME_HERE</property>
      <property name="Legacy Authorized Users File"></property>
      <property name="Node Identity 1"></property>
      <property name="Node Group"></property>
      </accessPolicyProvider>
    ...​
  3. Stop NiFi:
    ./bin/nifi.sh stop​
  4. Remove users.xml and authorizations.xml:
    rm conf/users.xml conf/authorizations.xml​
  5. Start NiFi:
    ./bin/nifi.sh start​
  6. After you login to NiFi you should now be able to see the Users menu:

araujo_0-1648029530077.png

 

Cheers,

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

5 REPLIES 5

avatar
Super Guru

Hi @AndreDre1 ,

 

You probably have a default NiFi configuration, which uses the single-user-authorizer. This authorizer doesn't have a Users menu in the UI. To see the Users menu you need to switch to another authorizer.

 

For example, if you have a brand new installation of NiFi with the default configuration, follow the steps below:

 

  1. Edit the conf/nifi.properties file and update the following property:
    nifi.security.user.authorizer=managed-authorizer
  2. Add the name of your initial admin in the following two places in conf/authorizers.xml:
    ...
    <userGroupProvider>
      <identifier>file-user-group-provider</identifier>
      <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
      <property name="Users File">./conf/users.xml</property>
      <property name="Legacy Authorized Users File"></property>
      <property name="Initial User Identity 1">ADMIN_USERNAME_HERE</property>
    </userGroupProvider>
    ...
    <accessPolicyProvider>
      <identifier>file-access-policy-provider</identifier>
      <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
      <property name="User Group Provider">file-user-group-provider</property>
      <property name="Authorizations File">./conf/authorizations.xml</property>
      <property name="Initial Admin Identity">ADMIN_USERNAME_HERE</property>
      <property name="Legacy Authorized Users File"></property>
      <property name="Node Identity 1"></property>
      <property name="Node Group"></property>
      </accessPolicyProvider>
    ...​
  3. Stop NiFi:
    ./bin/nifi.sh stop​
  4. Remove users.xml and authorizations.xml:
    rm conf/users.xml conf/authorizations.xml​
  5. Start NiFi:
    ./bin/nifi.sh start​
  6. After you login to NiFi you should now be able to see the Users menu:

araujo_0-1648029530077.png

 

Cheers,

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
New Contributor

Thank you very much @araujo !!!👏

avatar
Super Guru

@AndreDre1 , did the above answer your question?

 

André

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
New Contributor

Hi @araujo  this link was really useful . But where can i get the password for newly created users. Without password how can new users access it . I am not able to find any documentation for that. i have checked in all the files as well and couldn't find any passwords

avatar
Master Mentor

@Manika 

The single-user-provider used by NiFi out of the box does not support multiple users.  It simply sets up a single user to access the secured NiFi suing the out of the box NiFi setup.  Only the very first time NiFi is launched with this setup will the generated username and password be output in the nifi-app.log.  You can use the following command to change that username and password:

$ ./bin/nifi.sh set-single-user-credentials <username> <password>

This single user username and password has full access to everything, so NiFi does not expose "policies" as setting up additional users is not possible.

 

NiFi provides no other provider for local users.  NiFi historically has left user management as an external dependency.  In order tp support multiple users with and various level of authorization, you will need to switch to using a different authorizer and authentication method.

Switching to another authentication method will require you establish an external means for user authentication.  NiFi has numerous supported methods (User certificate, LDAP, Kerberos, etc.)
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication

Once you have selected the method you will use to authenticate your users that is not the "single-user-provider", you need to change your authorizer from "single-user-authorizer" to "standard-managed-authorizer":
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#standardmanagedauthorizer

 

If you found that any of the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped.


Thank you,

Matt