@jirungaray  Cloudera Flow Management (Based on Apache NiFi) provides multiple methods for managing user authorization.  This includes NiFi internally via the File-Access-Policy-Provider and externally via Apache Ranger.  There is no built in mechanism for auto setting up authorization policies for users or groups with the exception of the Initial Admin and Initial NiFi Node authorizations. Many of the Authorization policies are directly related to the components added to the canvas.  Those components are assigned unique IDs making it impossible to  create policies before the components exist.  File-Access-Policy-Porvider:  This provider utilizes a file on disk (authorizations.xml) to persists authorization policies.  This file is loaded when NiFi starts.  This means it is possible to manually generate this file and have NiFi load it on startup.   Also as you mentioned, you could script out the authorization creating through NiFi Rest-API calls.  Ranger provider: This moves authorization responsibility over to Apache Ranger.  Policies setup within Ranger are download by the NiFi nodes where they are locally enforced.  No matter which authorizer you choose to use, authorizations are easiest to manage via groups.  Typical users setup ldap groups for various NiFi roles (admins, team 1, team2, etc..) and makes specific users members of these groups.  This simplifies authorization since you can authorizer these groups instead of the individual users. Simply adding or removing a user as member of one of these authorized groups gives or removes authorized access to the NiFi resource identifier (NiFi policy).  The ldap-user-group-provider can be added to the NiFi authorizers.xml to auto manage syncing of user and group identities from your AD/LDAP further simplifying management over the file-user-group-provider method which requires the manual adding of user and group identifiers to the NiFi. Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt   ... View more

Hi, sorry for the delay, I have not received any notification. It is parcel provided by myself. The problem was bypassed as follows : Manually copy parcel on parcel-repo folder Creating sha parcel Restarting cloudera server service Parcel is downloaded in cloudera's parcels ... View more

Edited:Fixed typo in snippet This should work, although I haven't tested it yet     #!/bin/bash #Request access token my_token="$(curl "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}/nifi-api/access/token?username=${SINGLE_USER_CREDENTIALS_USERNAME:-admin}&password=${SINGLE_USER_CREDENTIALS_PASSWORD:-password}" \ -H 'Content-type:application/x-www-form-urlencoded' \ -X POST)" #Create gitlab registry client curl "https://${NIFI_WEB_HTTPS_HOST:-$HOSTNAME}:${NIFI_WEB_HTTPS_PORT:-8443}/nifi-api/controller/registry-clients" \ -H 'content-type: application/json' \ -H "authorization: bearer ${my_token}" \ --data-raw "{\"revision\":{\"version\":0},\"disconnectedNodeAcknowledged\":false,\"component\":{\"name\":\"${GITLAB_REGISTRY_CLIENT_NAME:-gitlab_reg_client}\",\"type\":\"org.apache.nifi.gitlab.GitLabFlowRegistryClient\",\"description\":\"${GITLAB_REGISTRY_CLIENT_DESCRIPTION:-gitlab_reg_description}\", \"properties\":{\"GitLab API URL\":\"https://${GITLAB_REGISTRY_WEB_HTTPS_HOST:-gitlab.com}:${GITLAB_REGISTRY_WEB_HTTPS_HOST:-443}\",\"Repository Namespace\":\"${GITLAB_REGISTRY_CLIENT_REPOSITORY_NAMESPACE:-default}\",\"Repository Name\":\"${GITLAB_REGISTRY_CLIENT_REPOSITORY_NAME:-default}\",\"Access Token\":\"${GITLAB_REGISTRY_CLIENT_REPOSITORY_ACESS_TOKEN:-insert-your-token}\"}}}"      Best regards Wojtek ... View more