nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Bende <bbe...@gmail.com>
Subject Re: Unable to List Queue
Date Mon, 15 Oct 2018 18:56:35 GMT
The error message is saying your user does not have permission to view
the data for the given processor.

There is a specific policy for viewing data which is described in the
admin guide component policies [1], the policy named "view the data".

I think you should be able to create the "view the data" policy on the
root process group to allow the user to see all data, but I can't
remember off the top of my head.

I think the users representing the nodes also might need to be in that
policy as well, since in a cluster the requests are being proxied and
it needs to ensure the node proxying the user is also authorized to
receive the data.

[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policies
On Mon, Oct 15, 2018 at 2:20 PM Milan Das <mdas@interset.com> wrote:
>
> Hello Nifi Team,
>
> I am having an issue only when cluster mode is on.
>
>
>
> Issue is, I am unable to list Queue on secured cluster. It is communicating on sasl with
Zookeeper and the cluster is configured with TLS encryption and nifi.security.user.login.identity.provider=kerberos-provider
>
>
>
>  Queue on Success Queue: My flow is simple GenerateFlowFile (success) --> Funnel.
>
>
>
> Yes I added all policies at root level to user nifiadmin1. This works when I set the
cluster to false.
>
>
>
> NIFI version : 1.6.0
>
>
>
>
>
>
>
> Error:
>
>
>
> 2018-10-14 15:03:21,620 INFO [NiFi Web Server-38] o.a.n.w.s.NiFiAuthenticationFilter
Authentication success for nifiadmin1@INTERSET.COM
>
> 2018-10-14 15:03:21,621 INFO [NiFi Web Server-38] o.a.n.w.a.c.AccessDeniedExceptionMapper
identity[nifiadmin1@INTERSET.COM], groups[] does not have permission to access the requested
resource. Unable to view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3.
Returning Forbidden response.
>
> 2018-10-14 15:03:21,623 INFO [NiFi Web Server-40] o.a.n.w.a.c.AccessDeniedExceptionMapper
identity[nifiadmin1@INTERSET.COM], groups[] does not have permission to access the requested
resource. Node ip-172-30-1-235.ec2.internal:8443 is unable to fulfill this request due to:
Unable to view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3. Contact
the system administrator. Returning Forbidden response.
>
> 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] o.a.n.w.s.NiFiAuthenticationFilter
Attempting request for (<nifiadmin1@INTERSET.COM><CN=ip-172-30-1-235.ec2.internal,
O=Interset, ST=California, C=US>) POST https://ip-172-30-1-235.ec2.internal:8443/nifi-api/flowfile-queues/73121f31-0166-1000-0000-000024972726/listing-requests
(source ip: 172.30.1.235)
>
> 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] o.a.n.w.s.NiFiAuthenticationFilter
Authentication success for nifiadmin1@
>
>
>
> Thanks,
>
> Milan Das
>

Mime
View raw message