@Bhushan Babar In order to access the UI of a secured NiFi instance/cluster two things must be successful: 1. A user must be successfully authenticated. By default NiFi will always look for a user's certificate being presented in the connection to use for authentication. If a user certificate is not present, the connection will be closed unless and alternative authentication strategy has been configured in your NiFi. NiFi can be configured to also use LDAP or Kerberos for user authentication. 2. A user must be authorized to access the NiFi resource they are requesting. Only after a user has been successfully authenticated, then the user will be looked up in the configured authorizer to see what NiFi resource that user has been granted access to. In you case, you have a user (cn=neha+ou=business,dc=example,dc=com) that authenticates successfully. I am going to assume this is via user certificate. The full DN from the user certificate is then being passed to the NiFi file based authorizer to determine what resources that authenticated user has been granted. The user added to the authorizer must match this DN exactly. When you changed the DN of the user in the authorizer, it no longer matched what was being presented in the user's certificate and authorized access was being denied. You can always tail the nifi-user.log to see exactly what value is being passed to the authorizer after successful authentication. There will be two entries in this log when a user connects. First you will see a line that says user X successfully authenticated. The next line will say access denied if user was not authorized for the resource. If you want to change the DN in NiFi's authorizer, you must also issue your user a new certificate with a matching DN. Thanks, Matt
... View more
