Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Users missing in GUI

avatar
New Contributor

Hi to all, I'm new here, but I have a question. I'm trying to add a kind of local user to nifi but in the menu this option is not visible, how can I add a single user and password?

2 REPLIES 2

avatar
New Contributor

Hi.

I hope you're okay.

 

how did you solve the problem?

 

I have the same problem and I don't know how solve it.

 

I have the latest nifi version, SSL, I did set Initial Admin and not worked. 

avatar
Super Mentor

@Clarfim @tiagot 

 

Neither NiFi or NiFi-Registry support creating locally managed users for the purpose of authentication in to services.

NiFi provides numerous methods for authenticating a user/client.  The default which is always enabled is client/user based authentication via a Mutual TLS handshake.

Other methods which can be configured in addition toTLS can be found here:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user_authentication

NOTE: As of Apache NiFi 1.14, a new Single User authentication method was introduced so that NiFi could be secure by default out-of-the-box.  If you choose to use this provider, it will be the ONLY user that can access this NiFi and will have full admin access.  If full multi-user access is desired, you must use another method of user authentication.

 

The "Users" UI that you see in NiFi is used so that NiFi authorization policies can be assigned to users and group strings. It is not used for creating local users with passwords within NiFi that can be used to authenticate into NiFi.  It also will not be present in UI if using the Single User authentication provider mentioned in previous note. When you configured the initial admin user string, it is used to by the authorizers.xml (depending on configuration) to initially construct a users.xml (contains user strings and group strings along with established association between them) and authorizations.xml (contains policies assigned to user and group strings) file.   Keep in mind that if the users.xml and authorizations.xml files already exist, they will not be updated if you make changes to your initial admin.  They are only generated f these files do not already exist.

Above example that results in a users.xml if you are using the file-user-group-provider or legacy FileAuthorizer provider in your authorizers.xml. None of the other providers will produce a users.xml and none of the other providers will allow you to manually add new user strings or group strings.  The other providers are all used to pull user and group strings from an external source.  The File-Access-Policy-provider is used to construct the authorizations.xml file.  The Initial admin string set in this provider allows NiFi to seed the authorizations.xml file when generated with the NiFi policies needed for that user to function as an Admin (reminder: file is only generated if it does not already exist). More info on setting up authorization in NiFi can be found here:
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#multi-tenant-authorization

 

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt