nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yinwencai Ywc <yinwen...@gmail.com>
Subject Re: unable to empty the connection queue between 2 processors in NIFI secure cluster
Date Mon, 14 Nov 2016 05:44:35 GMT
Thanks Andrew, I finally got it to work. it turns out I had to add
permissions for all the node identities in the global "query provenance"
policy setting menu as well as inside the operator menu for that processor
group. these node identities are configured inside the cluster
configuration file authorizers.xml as below:
        <property name="Node Identity 1">CN=CentOS1, OU=NIFI</property>
        <property name="Node Identity 2">CN=CentOS2, OU=NIFI</property>
        <property name="Node Identity 3">CN=CentOS3, OU=NIFI</property>

Regards,
Ben


On Mon, Nov 14, 2016 at 12:34 PM, Andrew Grande <aperepel@gmail.com> wrote:

> Hi,
>
> There are 2 levels basically. One is the global policies in the top right
> menu. Another is in the operator menu on the left and is specific to every
> processing group.
>
> Sometimes you need a combination of both to allow for an action. E.g. try
> data provenance and modify data permissions to allow emptying a queue.
>
> Andrew
>
> On Sun, Nov 13, 2016, 10:11 PM yinwencai Ywc <yinwencai@gmail.com> wrote:
>
>> Hi guys, I've just setup a secure NIFI 1.0.0 cluster and tried to check
>> how NIFI cluster works.
>>
>> I set up my NIFI secure cluster with LDAP based authorization and set the
>> Initial Admin Identity to one of the users inside the LDAP server.
>> I could successfully log into the NIFI user interface and could do almost
>> anything inside, but when I tried to empty the connection queue between 2
>> processors inside a processor group,
>> it prompted me I don't have enough permission to do it. I checked the
>> policies menu inside NIFI and have given this user all possible permissions
>> but still failed. You could check the snapshots
>> below:
>>
>>
>> ​
>>
>> ​
>>
>> Does anyone have any idea why this would happen? Thanks.
>>
>

Mime
View raw message