Re: initial component access policies

I remember trying to solve this a long time ago during the 1.0.0 development when the new authorizer API was implemented, but I honestly can't remember all the issues. A lot of stuff has changed since so maybe a fresh look is worth it. StandardFlowService already has a member variable with the Aut

Re: initial component access policies

Bryan, Ok, thanks. Now, the issue is when there is no flow established yet. In that case, FileAccessPolicyProvider.populateInitialAdmin will not find the rootGroupId; it doesn't exist yet in cases where there is no flow.xml.gz on startup. So, component access policies cannot be created. The flow.

Re: initial component access policies

The initial admin policies are created here: https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAccessPolicyProvider.java#L595

initial component access policies

When NiFi is started for the first time, the Component Access Policies are not populated even for the Initial Admin or for legacy DFM_ROLE users in authorized-users.xml file.That is, not unless a flow.xml.gz file exists. The fact that the admin user does not have access to these policies has led to