@Christophe Vico Confirm the DN of the PrivateKeyEntry in the keystore of all you nodes. # keystore -v --list -keystore <keystorename> Also confirm the patterns have been set on all nodes in the nifi.properties file. All it takes is a slight difference (extra space, missing space, case sensitivity, etc...) Thanks, Matt ... View more

@matthew N Accessing the NiFi UI requires to things to be successful: 1. User Authentication: You appear to be using LDAP to handle this part. 2. User Authorization: By default NiFi uses its internal file based authorizer (Configured in authorizers.xml) If an authenticated user lacks sufficient authorization to access a NiFi resource, you will see the "Unable to perform the desired action due to insufficient permissions. Contact the system administrator." response from NiFi. In order for an authenticated user to see the NiFi UI, they must at a minimum be granted the "view the user interface" access policy. Whichever user was configured as your "Initial admin Identity" will need to access the UI and add additional users and access policies for those users. Also keep in mind that NiFi generates the users.xml and authorizations.xml files only once the first time your NiFi is started securely. If you update who your initial admin identity is later, it will not get updated if these files already exist. If this is the first time setting up a new system, simply delete the users.xml and authorizations.xml files and restart NiFi. They will then be created again based on the current configurations in the authorizers.xml. Before updating your initial admin identity in the authorizers.xml file, I suggest looking in your nifi-user.log to versify the exact string being passed to the authorizer. It must match exactly since it is case sensitive and spaces also count as valid characters. (for example: CN= is not the same as cn=) The string you see output in the nifi-user.log is what will be passed to the authorizer. Thanks, Matt ... View more

@matthew N Sharing the full stack trace that goes along with the above NPE will help identify where the issue is occurring. ... View more

@Paras Mehta Unless the SQL statement in the content of each of your FlowFiles is identical, a new transaction will be created for each FlowFile rather then multiple FlowFiles in a single transaction. This is because of how the putSQL is designed to do batch inserts. The SQL command may use the ? to escape parameters. In this case, the parameters to use must exist as FlowFile attributes with the naming convention sql.args.N.type and sql.args.N.value, where N is a positive integer. The sql.args.N.type is expected to be a number indicating the JDBC Type. The content of the FlowFile is expected to be in UTF-8 format. So consider the case where you are inserting to a common DB table. In order to have every insert statement be exactly identical you will need to create attributes sql.args.N.type and sql.args.N.value for each column. sql.args.1.type ---> 12 sql.args.1.value ---> bob sql.args.2.type ---> 12 sql.args.2.value ---> smith sql.args.3.type --> 12 sql.args.3.value --> SME And so on.... You can use UpdateAttribute and maybe ExtractText processors to set these attributes on your FlowFiles. The you can use a ReplaceText processor to replace the content of your FlowFile with a common INSERT statement like below: INSERT INTO mydb("column1","column2","column3") VALUES(?,?,?) Now every FlowFile will have identical content and batch inserts will work in a single transaction. The "?" are replaced by the values from the attributes sql.args.1.value. sql.args.2.value, sql.args.3.value, and so on.... Thanks, Matt ... View more

@mel mendoza May I suggest that you open an Apache Jira against NiFi for this. Thanks, Matt ... View more

@Christophe Vico Exactly, so only <name> as you saw would have been passed to ranger for authorization. It is working correctly based upon your current configuration. Can you access the UI of all of the other nodes without issue? Do there DNs match the same patterns on those nodes. If my above answer addressed your question, please accept that answer. Thank you, Matt ... View more