nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Milan Das <m...@interset.com>
Subject Re: Unable to List Queue
Date Mon, 15 Oct 2018 21:29:52 GMT
Hi Bryan
Thanks for your response.
The user have all access including view the data at root processor level. It works when is.cluster
is false. It doesn’t work when is.cluster is true.

Thanks,
Milan Das


On 10/15/18, 2:56 PM, "Bryan Bende" <bbende@gmail.com> wrote:

    The error message is saying your user does not have permission to view
    the data for the given processor.
    
    There is a specific policy for viewing data which is described in the
    admin guide component policies [1], the policy named "view the data".
    
    I think you should be able to create the "view the data" policy on the
    root process group to allow the user to see all data, but I can't
    remember off the top of my head.
    
    I think the users representing the nodes also might need to be in that
    policy as well, since in a cluster the requests are being proxied and
    it needs to ensure the node proxying the user is also authorized to
    receive the data.
    
    [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policies
    On Mon, Oct 15, 2018 at 2:20 PM Milan Das <mdas@interset.com> wrote:
    >
    > Hello Nifi Team,
    >
    > I am having an issue only when cluster mode is on.
    >
    >
    >
    > Issue is, I am unable to list Queue on secured cluster. It is communicating on sasl
with Zookeeper and the cluster is configured with TLS encryption and nifi.security.user.login.identity.provider=kerberos-provider
    >
    >
    >
    >  Queue on Success Queue: My flow is simple GenerateFlowFile (success) --> Funnel.
    >
    >
    >
    > Yes I added all policies at root level to user nifiadmin1. This works when I set
the cluster to false.
    >
    >
    >
    > NIFI version : 1.6.0
    >
    >
    >
    >
    >
    >
    >
    > Error:
    >
    >
    >
    > 2018-10-14 15:03:21,620 INFO [NiFi Web Server-38] o.a.n.w.s.NiFiAuthenticationFilter
Authentication success for nifiadmin1@INTERSET.COM
    >
    > 2018-10-14 15:03:21,621 INFO [NiFi Web Server-38] o.a.n.w.a.c.AccessDeniedExceptionMapper
identity[nifiadmin1@INTERSET.COM], groups[] does not have permission to access the requested
resource. Unable to view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3.
Returning Forbidden response.
    >
    > 2018-10-14 15:03:21,623 INFO [NiFi Web Server-40] o.a.n.w.a.c.AccessDeniedExceptionMapper
identity[nifiadmin1@INTERSET.COM], groups[] does not have permission to access the requested
resource. Node ip-172-30-1-235.ec2.internal:8443 is unable to fulfill this request due to:
Unable to view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3. Contact
the system administrator. Returning Forbidden response.
    >
    > 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] o.a.n.w.s.NiFiAuthenticationFilter
Attempting request for (<nifiadmin1@INTERSET.COM><CN=ip-172-30-1-235.ec2.internal,
O=Interset, ST=California, C=US>) POST https://ip-172-30-1-235.ec2.internal:8443/nifi-api/flowfile-queues/73121f31-0166-1000-0000-000024972726/listing-requests
(source ip: 172.30.1.235)
    >
    > 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] o.a.n.w.s.NiFiAuthenticationFilter
Authentication success for nifiadmin1@
    >
    >
    >
    > Thanks,
    >
    > Milan Das
    >
    



Mime
View raw message