Thanks @MattWho I took a more thorough look at the authorizers.xml file and I had a bad path to the users.xml file in the file-provider. There may still be some issues with the way this is being deployed, but I'm able to interact with the canvas now, so it's progress. ... View more

@MattWho    Version 1.14.0 I used the cetic/helm-nifi image, and due to the number of mounted volumes I couldn't deploy it to kubernetes on my existing machine (there's like 8 or 9 config files that are mounted in addition to persistent storage), so I basically loaded those [modified] config files onto my base nifi image and moved them into the mounted directory locations as the container is started (I understand there may be some issues with persistence). ... View more

Thanks for your reply! Yes I get a 403 insufficient privileges error when I try to create a new policy. Here is the user log when I attempt to create the new policy (I removed references to my specific nifi instance, replaced with <nifi instance name>): 2021-10-06 18:05:57,749 INFO [NiFi Web Server-871] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (CN=admin, OU=NIFI) GET https://localhost:9443/nifi-api/policies/read/process-groups/288a1cba-017c-1000-73fe-2635722f1826 (source ip: 127.0.0.1) 2021-10-06 18:05:57,749 INFO [NiFi Web Server-871] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=admin, OU=NIFI 2021-10-06 18:05:57,751 INFO [NiFi Web Server-848] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<CN=admin, OU=NIFI><CN=<nifi instance name>-0.<nifi instance name>-headless.nifi-test.svc.cluster.local, OU=NIFI>) GET https://localhost:9443/nifi-api/policies/read/process-groups/288a1cba-017c-1000-73fe-2635722f1826 (source ip: 127.0.0.1) 2021-10-06 18:05:57,751 INFO [NiFi Web Server-848] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for CN=admin, OU=NIFI 2021-10-06 18:05:57,752 INFO [NiFi Web Server-848] o.a.n.w.a.c.ResourceNotFoundExceptionMapper org.apache.nifi.web.ResourceNotFoundException: Unable to find access policy for read on /process-groups/288a1cba-017c-1000-73fe-2635722f1826. Returning Not Found response. ... View more

If I right click the canvas and attempt to give myself the permissions ('manage access policies'), there are no policies listed attempting to create one gives a 403 insufficient privileges error. ... View more

Hello Matt- really appreciate how active you are in this community, I see your helpful answers everywhere.   I'm getting the same error as the OP, I was wondering if you could help. When I cat users.xml my user is there (CN,DC are capitalized in the cert itself and in the log, but lowercase in the file) When I check authorizations.xml, my user id is given access to everything I need I believe: <policies> <policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f" resource="/flow" action="R"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515" resource="/restricted-components" action="W"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7" resource="/tenants" action="R"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5" resource="/tenants" action="W"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212" resource="/policies" action="R"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d" resource="/policies" action="W"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03" resource="/controller" action="R"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> <policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf" resource="/controller" action="W"> <user identifier="b54195a2-7067-3bf3-a33b-f09e6c3caafe"/> </policy> </policies> So I don't know what else may be causing this. Let me know if you see anything.  ... View more

So following this guide directly doesn't actually work.  I'm assuming one has to have access to your image registry.  Using the base apache/nifi, or a even a modified one doesn't work 'out of the box'.  It would be nice if you included some of the changes you made to your nifi image in order to get this functional.  Specifically, the error that occurs is related to keys and decrypting some values.   2021-09-01 21:05:33,566 ERROR [main] o.a.nifi.properties.NiFiPropertiesLoader Clustered Configuration Found: Shared Sensitive Properties Key [nifi.sensitive.props.key] required for cluster nodes 2021-09-01 21:05:33,574 ERROR [main] org.apache.nifi.NiFi Failure to launch NiFi due to java.lang.IllegalArgumentException: There was an issue decrypting protected properties java.lang.IllegalArgumentException: There was an issue decrypting protected properties at org.apache.nifi.NiFi.initializeProperties(NiFi.java:346) at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:314) at org.apache.nifi.NiFi.convertArgumentsToValidatedNiFiProperties(NiFi.java:310) at org.apache.nifi.NiFi.main(NiFi.java:302) Caused by: org.apache.nifi.properties.SensitivePropertyProtectionException: Sensitive Properties Key [nifi.sensitive.props.key] not found: See Admin Guide section [Updating the Sensitive Properties Key] at org.apache.nifi.properties.NiFiPropertiesLoader.getDefaultProperties(NiFiPropertiesLoader.java:220) at org.apache.nifi.properties.NiFiPropertiesLoader.get(NiFiPropertiesLoader.java:209) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.nifi.NiFi.initializeProperties(NiFi.java:341) ... 3 common frames omitted   ... View more