Hi Bryan Thanks for your response. The user have all access including view the data at root processor level. It works when is.cluster is false. It doesn’t work when is.cluster is true.
Thanks, Milan Das On 10/15/18, 2:56 PM, "Bryan Bende" <[email protected]> wrote: The error message is saying your user does not have permission to view the data for the given processor. There is a specific policy for viewing data which is described in the admin guide component policies [1], the policy named "view the data". I think you should be able to create the "view the data" policy on the root process group to allow the user to see all data, but I can't remember off the top of my head. I think the users representing the nodes also might need to be in that policy as well, since in a cluster the requests are being proxied and it needs to ensure the node proxying the user is also authorized to receive the data. [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policies On Mon, Oct 15, 2018 at 2:20 PM Milan Das <[email protected]> wrote: > > Hello Nifi Team, > > I am having an issue only when cluster mode is on. > > > > Issue is, I am unable to list Queue on secured cluster. It is communicating on sasl with Zookeeper and the cluster is configured with TLS encryption and nifi.security.user.login.identity.provider=kerberos-provider > > > > Queue on Success Queue: My flow is simple GenerateFlowFile (success) --> Funnel. > > > > Yes I added all policies at root level to user nifiadmin1. This works when I set the cluster to false. > > > > NIFI version : 1.6.0 > > > > > > > > Error: > > > > 2018-10-14 15:03:21,620 INFO [NiFi Web Server-38] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for [email protected] > > 2018-10-14 15:03:21,621 INFO [NiFi Web Server-38] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[[email protected]], groups[] does not have permission to access the requested resource. Unable to view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3. Returning Forbidden response. > > 2018-10-14 15:03:21,623 INFO [NiFi Web Server-40] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[[email protected]], groups[] does not have permission to access the requested resource. Node ip-172-30-1-235.ec2.internal:8443 is unable to fulfill this request due to: Unable to view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3. Contact the system administrator. Returning Forbidden response. > > 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<[email protected]><CN=ip-172-30-1-235.ec2.internal, O=Interset, ST=California, C=US>) POST https://ip-172-30-1-235.ec2.internal:8443/nifi-api/flowfile-queues/73121f31-0166-1000-0000-000024972726/listing-requests (source ip: 172.30.1.235) > > 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for nifiadmin1@ > > > > Thanks, > > Milan Das >
