You did it! I changed my tracking strategy to "Tracking timestamps" and it now populated the "View State" window. Thank you very much for your assistance! ... View more

@GKHN_  As I described in my first response, Authentication and Authorization are two different processes.   So it sounds like from your comment that authentication is working fine for both your users and authorization is failing for your non admin user.  So issue is within the authorization phase. I assume both of your users are authenticating via ldap? In your ldap-provider in the login-identity-providers.xml you have the "Identity Strategy" set to  "USE_DN".   With this setting you the users full ldap DN will be used as the user identity string after successful authentication.  This means that entire DN is being passed to the authorizer to lookup if that full dn has been authorized to the requested end-point NiFi policy. I see you have your initial admin identity manually defined in the file-user-group-provider and the file-access-policy provider: CN=NIFIUSER,OU=Userpro,OU=CUsers,OU=Company,DC=company,DC=entp So when you login via ldap with this user's ldap username and ldap password, the user's entire DN is being passed to the authorizer and the file-access-policy provider has setup all admin related NiFi policies for this initial admin user identity. I also see from the shared authorizers.xml that the only user-group-provider the "file-access-policy provider" is configured to use is the "file-user-group-provider".  The file-user-group-provider requires the admin user to manually add additional user identities manually from the with the NiFi UI (Remember that with your current ldap-provider login provider, all your ldap user identities are going to be full DNs). As the admin user, go to the NiFi global menu and select "USERS": From the NiFi Users UI, select the "+" to add a new user: Then enter the full DN for your second user (Case sensitive). unless you have added any groups, your list of groups will be blank. Now that you have added this second user identity, you'll need to start authorizing that user identities for the various policy they need.  In order to access the NiFi UI, all users must be authorized to "view the user interface".  From the same NiFi Global menu mentioned above, select "Policies" this time.  Then from the "Access Policies" UI that appears, select "view the user interface" from the policy list pull-down. Then click on the icon to the right that looks like a person with a "+".  Find the user identity you just added and check the box and click the "Add" button. Now this user can access the NIFi UI. There are other policies this user will need before they can start building dataflows on the UI.  NiFi allows for very granular authorizations.   But at the minimum the user will need to be authorized on the process group in which they will build their dataflows.  Not all policies are defined from  the "Access Policies" UI in the global menu. the component level policies are define directly via the individual component (keep an eye out for the "key" icon)  From the "Operation" panel directly on the NiFi canvas you can set policies on the currently selected component: Above I have selected my root Process Group (PG). If you click the key icon you will see all the access policies that users can be authorized for.  You'll need to select each one by one your user will need and add the user to them. Above will allow you to setup access for your additional users using the file-user-group-provider you have configured in your authorizers.xml. Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@HoangNguyen  Keep in mind that the Apache NiFi Variable Registry no longer exist in Apache NiFi 2.x releases and there is no more development of the Apache NIFi 1.x versions.  NiFi Parameter Contexts, which were introduced in later versions of Apache NiFi 1.x, provides similar capability going forward and should be used instead of the variable registry.  You'll be forced to transition to Parameter Contexts in order to move to Apache NiFi 2.x. versions.   Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

@AlokKumar  User authentication using OpenID Connect: OpenID Connect If you found that any of the provided solution(s) assisted you with your query, please take a moment to login and click Accept as Solution below each response that helped. Thank you, Matt ... View more

Hi Matt, Just to clarify one point—specifically in the context of NiFi REST API 2.0+—is there an endpoint where we can exchange an Azure AD access token for a NiFi access token, similar to a token exchange flow? Or, if such a direct token exchange is not supported (i.e., the token must always be obtained via browser redirection to the NiFi URL), could you please confirm that this is indeed the case? Thanks in advance!   ... View more

So I stumbled on this tool called Data Flow Manager  (DFM) while working on some NiFi stuff, and… I’m kinda blown away? Been using NiFi for a few years. Love it or hate it, you know how it goes. Building flows, setting up controller services, versioning… it adds up. Honestly, never thought I’d see a way around all that. With DFM, I literally just picked the source, target, and a bit of logic. No canvas. No templates. No groovy scripting. Hit deploy, and the flow was live in under a minute. ... View more

OK, @MattWho, thanks for your help. ... View more

@justloseit  NiFi Process groups are just logical containers for processors.  A Process group does not run/execute.  Selecting "Start" on a process group triggers starting of all the components within that process group.  In your case it sounds like you have have setup cron scheduling on your ingest/starting processor(s) within the process group.  All downstream processors to that source should be set run all the time and not cron based scheduling.  So what you are really looking for is how long it took the processors within that process group to process all produced FlowFiles to point of termination? Besides looking at the lineage data for each FlowFile that traverses all the processor in a process group, I can't think of how else you would get that data.   Take a look at the SiteToSiteProvenanceReportingTask available in Apache NiFi.  It allows you send the provenance data (produces a lot of data depending on size of yoru dataflows and amount of FlowFiles being processed) via NiFi's Site-To-Site protocol to another NiFi instance (would recommend a separate dedicated NiFi to receive this data).  You can then build a  dataflow to process that data how you want to retain what information you need, or send it to an external storage/processing system. Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more