@yoonli  Yes, your node certificate DNs do not need to be returned by your ldap. The common cluster setup I shared has both the file-user-group-provider (which you would use to define user identities manually) and ldap-user-group-provider (which syncs users and/or groups from your ldap so you don't need to add them manually). So the file-user-group-provider might look something like this in your authorizers.xml: <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">CN=nifi-cluster, OU=NiFi, O=NiFi Cluster, L=Hanoi, ST=HaNoi, C=VN</property> <property name="Initial User Identity 2"></property> </userGroupProvider> Above will create the user identity "CN=nifi-cluster, OU=NiFi, O=NiFi Cluster, L=Hanoi, ST=HaNoi, C=VN" for your node's certificate manually.  it then becomes available for your file-access-policy provider to use to seed the node policies needed.  If each of your NiFi nodes has a unique DN, you would add as many "Initial User Identity <num>" lines as needed to add them all on initial startup.  ***REMINDER: users.xml and authorizations.xml files are ONLY created if they do not already exist.  Edits to file-user-group-provider or file-access-policy provider will not edit preexisting files. The complete  recommended authorizers.xml setup would look something like this: <authorizers> <userGroupProvider> <identifier>file-user-group-provider</identifier> <class>org.apache.nifi.authorization.FileUserGroupProvider</class> <property name="Users File">./conf/users.xml</property> <property name="Legacy Authorized Users File"></property> <property name="Initial User Identity 1">CN=nifi-cluster, OU=NiFi, O=NiFi Cluster, L=Hanoi, ST=HaNoi, C=VN</property> <property name="Initial User Identity 2"></property> </userGroupProvider> <userGroupProvider> <identifier>ldap-user-group-provider</identifier> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class> <property name="Authentication Strategy">ANONYMOUS</property> <property name="Manager DN"></property> <property name="Manager Password"></property> <property name="TLS - Keystore"></property> <property name="TLS - Keystore Password"></property> <property name="TLS - Keystore Type"></property> <property name="TLS - Truststore"></property> <property name="TLS - Truststore Password"></property> <property name="TLS - Truststore Type"></property> <property name="TLS - Client Auth"></property> <property name="TLS - Protocol"></property> <property name="TLS - Shutdown Gracefully"></property> <property name="Referral Strategy">FOLLOW</property> <property name="Connect Timeout">10 secs</property> <property name="Read Timeout">10 secs</property> <property name="Url">ldap://localhost:10389</property> <property name="Page Size"></property> <property name="Sync Interval">30 mins</property> <property name="Group Membership - Enforce Case Sensitivity">false</property> <property name="User Search Base">ou=users,o=nifi</property> <property name="User Object Class">person</property> <property name="User Search Scope">ONE_LEVEL</property> <property name="User Search Filter"></property> <property name="User Identity Attribute">cn</property> <property name="User Group Name Attribute"></property> <property name="User Group Name Attribute - Referenced Group Attribute"></property> <property name="Group Search Base">ou=groups,o=nifi</property> <property name="Group Object Class">groupOfNames</property> <property name="Group Search Scope">ONE_LEVEL</property> <property name="Group Search Filter"></property> <property name="Group Name Attribute">cn</property> <property name="Group Member Attribute">member</property> <property name="Group Member Attribute - Referenced User Attribute"></property> </userGroupProvider> <userGroupProvider> <identifier>composite-user-group-provider</identifier> <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class> <property name="Configurable User Group Provider">file-user-group-provider</property> <property name="User Group Provider 1">ldap-user-group-provider</property> </userGroupProvider> <accessPolicyProvider> <identifier>file-access-policy-provider</identifier> <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class> <property name="User Group Provider">composite-user-group-provider</property> <property name="Authorizations File">./conf/authorizations.xml</property> <property name="Initial Admin Identity">nifi</property> <property name="Legacy Authorized Users File"></property> <property name="Node Identity 1">CN=nifi-cluster, OU=NiFi, O=NiFi Cluster, L=Hanoi, ST=HaNoi, C=VN/property> <property name="Node Identity 2"></property> </accessPolicyProvider> <authorizer> <identifier>managed-authorizer</identifier> <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class> <property name="Access Policy Provider">file-access-policy-provider</property> </authorizer> </authorizers> *** Reminder: More then one user group provider added to the authorizers.xml can NOT return the same user or group identity.  So do not add any user identities you are syncing from ldap-user-group-provider to the file-user-group-provider or NiFi will throw an exception complaining that two providers returned the same identity. Hope this helps clarify.   Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue(s) or answering your question(s), please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

You did it! I changed my tracking strategy to "Tracking timestamps" and it now populated the "View State" window. Thank you very much for your assistance! ... View more

@HoangNguyen  Keep in mind that the Apache NiFi Variable Registry no longer exist in Apache NiFi 2.x releases and there is no more development of the Apache NIFi 1.x versions.  NiFi Parameter Contexts, which were introduced in later versions of Apache NiFi 1.x, provides similar capability going forward and should be used instead of the variable registry.  You'll be forced to transition to Parameter Contexts in order to move to Apache NiFi 2.x. versions.   Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt ... View more

Hello @MoJadallah,  Sorry for no one answering so far.  We do want to give you a good experience on your trial.  I assume you requested your free trial from here:  https://www.cloudera.com/products/cloudera-public-cloud-trial.html?internal_keyplay=ALL&internal_campaign=FY25-Q1-GLOBAL-CDP-5-Day-Trial&cid=FY25-Q1-GLOBAL-CDP-5-Day-Trial&internal_link=WWW-Nav-u01  When was that error hit? Just after the sign-up?  ... View more

Default configurations are the tested and for that reason are set in that way, but those are configurable for a reason, sometimes, and depending on the environment, the use case and much more, they need to be tuned in an specific way.  ... View more

Hello @rizalt  Have you tested the same query directly on beeline?  Can you try it?  ... View more

Hello @mokkan,  Yes, that buffer means that it will wait until it reaches the 100kb and will write it to the location under HDFS.  If you need to get the events before, you can decrease the buffer size.  Not all the times the buffer is reached it will perform the fsync,  According to what I found, Spark uses OutputStream.flush(), so not all the times an fsync() will be performed.  Regards,  Andrés Fallas Cloudera Customer Operations Engineer ... View more