@pnac03 Based on your nifi-registry.properties file, there is no user identity manipulation happening. This means that the full DistinquishedName (DN) presented by NiFi in the MutualTLS exchange with NiFi-Registry will be the user identity for the registry client connecting to your NiFi-Registry. That means that the full DN needs to be authorized in NiFi-Registry properly. That DN needs to be authorized for the following Special Privileges: "Can manage buckets" - Read "Can proxy user requests" - Read, Write, and Delete From the keystore you shared fro your SSL Context Service, we can see it properly contains only one PrivateKeyEntry and the DN for that clientAuth privateKey is: O=3SCDemo, CN=nifi-registry So the above (case sensitive) MUST exist as a user in your NiFi-Registry and have granted to it the above special Privileges mentioned. Also, the user identity of the user logged into NiFi (as displayed in upper right corner - case sensitive) when attempting start version control on a process group in NiFi will need to exist as a user in your NiFi-Registry and be authorized properly directly on the bucket in which you want to version control the process group (this is different then the Special Privileges section in NiFi-Registry). Read Bucket - Allows user to see version controlled flows in the bucket. Write Bucket - Allows user to commit new version controlled flows to the bucket Delete Bucket - allows user to delete a bucket. Please help our community grow. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to login and click "Accept as Solution" on one or more of them that helped. Thank you, Matt
... View more
