Hi Kumar,


Access Policies in NiFi 1.3.0 are defined with (resource, action) pairs, where "resource" is basically the path part of the resource URI (e.g., /controller, /policies), and "action" is either 'read' or 'write'.


For each policy defined (resource, action) must be unique. So if you want to grant a user or userGroup read or write access to a resource, rather than create a new policy, first check if that policy already exists, and if so, add the users/groups to that policy. If the policy for the (resource, action) pair you want to set does not exist, then create it.


Referencing the NiFi REST API documentation [1]:


To view all existing policies:


GET /policies


To update an existing policy:


PUT /policies/{policyId}    # where policyId is returned by the server in the GET response


To create a new policy for a (resource, action) pair that does not already exist:


POST /policies  # the created policy, including the server-set id, will be returned in the response upon success


Note, that in order to add tenants (ie, users and userGroups) to a policy, you must discover their ids as well. You can use:


                GET /tenants/users


                GET /tenants/search-results  # search by tenant identity, i.e., user name or group name.


These tenants endpoints may be helpful in resolving the other error you noticed in the logs, which user not found exception. Make sure the user you are referencing is in the result set of GET /tenants/users and use the same entity id when you are adding a user to a policy.


[1] https://nifi.apache.org/docs/nifi-docs/rest-api/index.html  

(this link is to 1.4.0 rest api docs, but the tenant and policy API endpoints are unchanged from 1.3.0 to my knowledge)


Hope this helps!



From: kumar r <kumarccpp@gmail.com>
Reply-To: <users@nifi.apache.org>
Date: Wednesday, November 8, 2017 at 05:30
To: <users@nifi.apache.org>
Subject: Found multiple policies exception



I am using NiFi-1.3.0 secured with Kerberos. When i set a policy for a user, i am getting

Found multiple policies for '/controller' with 'write'.

After checking log file, below exception occurs

org.apache.nifi.web.ResourceNotFoundException: Unable to find user with id '311656fb-3fef-303d-8b61-24d4a7d8aeb9'.. Returning Not Found response.
java.lang.IllegalStateException: Found multiple policies for '/controller' with 'write'.. Returning Conflict response.

how to solve this? Is this NiFi issue?