Hi Kumar,

 

Access Policies in NiFi 1.3.0 are defined with (resource, action) pairs, where "resource" is basically the path part of the resource URI (e.g., /controller, /policies), and "action" is either 'read' or 'write'.

 

For each policy defined, the (resource, action) pair must be unique. So if you want to grant a user or userGroup read or write access to a resource, rather than create a new policy, first check if that policy already exists, and if so, add the users/groups to that policy. If the policy for the (resource, action) pair you want to set does not exist, then create it.

 

Referencing the NiFi REST API documentation [1]:

 

To view all existing policies:

 

GET /policies

 

To update an existing policy:

 

PUT /policies/{policyId}    # where policyId is returned by the server in the GET response

 

To create a new policy for a (resource, action) pair that does not already exist:

 

POST /policies  # the created policy, including the server-set id, will be returned in the response upon success

 

Note that in order to add tenants (i.e., users and userGroups) to a policy, you must discover their ids as well. You can use:

                GET /tenants/users

                GET /tenants/user-groups

                GET /tenants/search-results  # search by tenant identity, i.e., user name or group name.

These tenants endpoints may be helpful in resolving the other error you noticed in the logs, which is a user not found exception. Make sure the user you are referencing is in the result set of GET /tenants/users and use the same entity id when you are adding a user to a policy.

 

[1] https://nifi.apache.org/docs/nifi-docs/rest-api/index.html  

(this link is to 1.4.0 rest api docs, but the tenant and policy API endpoints are unchanged from 1.3.0 to my knowledge)

 

Hope this helps!

Kevin

 

From: kumar r <kumarccpp@gmail.com>
Reply-To: <users@nifi.apache.org>
Date: Wednesday, November 8, 2017 at 05:30
To: <users@nifi.apache.org>
Subject: Found multiple policies exception

 

Hi,

I am using NiFi-1.3.0 secured with Kerberos. When I set a policy for a user, I am getting

Found multiple policies for '/controller' with 'write'.

After checking the log file, the exception below occurs:

org.apache.nifi.web.ResourceNotFoundException: Unable to find user with id '311656fb-3fef-303d-8b61-24d4a7d8aeb9'.. Returning Not Found response.
java.lang.IllegalStateException: Found multiple policies for '/controller' with 'write'.. Returning Conflict response.

How to solve this? Is this a NiFi issue?

Thanks,

Kumar
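
The check-then-update procedure from the reply above, as an added example that is not part of the original thread or NiFi's own code: it decides between PUT and POST for a (resource, action) pair and surfaces both errors from the question before any request is sent. The flattened field names (id, resource, action, users, identity), the sample ids and the helper names are assumptions for illustration, not NiFi's documented entity schema.

```python
# Added example. Inputs are the parsed results of GET /policies and
# GET /tenants/users, flattened to an ASSUMED shape (not NiFi's real schema).

class PolicyConflict(Exception):
    """More than one policy exists for the same (resource, action) pair."""

class UnknownTenant(Exception):
    """The identity is not in the GET /tenants/users result set."""

# Constructed sample data (ids and identities are made up).
SAMPLE_USERS = [
    {"id": "user-1", "identity": "admin@EXAMPLE.COM"},
    {"id": "user-2", "identity": "kumar@EXAMPLE.COM"},
]
SAMPLE_POLICIES = [
    {"id": "policy-1", "resource": "/controller", "action": "read", "users": ["user-1"]},
    {"id": "policy-2", "resource": "/controller", "action": "write", "users": ["user-1"]},
]

def plan_grant(policies, users, resource, action, identity):
    """Return (method, path, body) for granting `identity` the given policy."""
    if action not in ("read", "write"):
        raise ValueError("action must be 'read' or 'write'")
    # Resolve the server-side id first; a stale or guessed id is what leads
    # to the "Unable to find user with id" error.
    ids = [u["id"] for u in users if u["identity"] == identity]
    if not ids:
        raise UnknownTenant(identity)
    user_id = ids[0]
    # (resource, action) must be unique, so more than one match is an error
    # state to clean up, not something to add a third policy to.
    matches = [p for p in policies
               if p["resource"] == resource and p["action"] == action]
    if len(matches) > 1:
        raise PolicyConflict([p["id"] for p in matches])
    if matches:
        policy = matches[0]
        # Keep the existing members and add the new one.
        body = dict(policy, users=sorted(set(policy["users"]) | {user_id}))
        return ("PUT", "/policies/" + policy["id"], body)
    # No policy for this pair yet: create it.
    body = {"resource": resource, "action": action, "users": [user_id]}
    return ("POST", "/policies", body)
```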