RE: Insufficient permissions on initial start up (NiFi 2.0)

Wed, 24 Apr 2024 02:33:15 -0700 

Hi James,

Have you changed these settings in authorizers.xml since you first started 
NiFi? If so, you may need to delete users.xml and authorizations.xml.
A new admin user will not be created if those files already exist.

Otherwise, the trickiest part is usually that the user DN needs to match 
*exactly* with that specified. Capitals and whitespace matter. Since you are 
getting insufficient permissions instead of unknown user, I don’t think that’s 
your problem here. Still, it may be worth checking for a mismatch in the 
initial admin identity vs initial user identity vs certificate.

Regards,

Isha

Van: James McMahon <jsmcmah...@gmail.com>
Verzonden: woensdag 24 april 2024 02:14
Aan: users <users@nifi.apache.org>
Onderwerp: Insufficient permissions on initial start up (NiFi 2.0)

I am trying to start my new NiFi 2.0 installation. I have a user admin2 that 
has a cert. The nifi server also has a cert. Both are signed by the same CA.

At start up in my browser I am denied due to insufficient privileges:

Unable to view the user interface. Contact the system administrator.
Insufficient Permissions     home


My authorizors.xml has been configured as follows:
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users 
File">/opt/nifi/config_resources/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">C = US, ST = Virginia, L = 
Reston, O = C4 Rampart, OU = NIFI, CN = admin2</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">file-user-group-provider</property>
        <property name="Authorizations 
File">/opt/nifi/config_resources/authorizations.xml</property>
        <property name="Initial Admin Identity">C = US, ST = Virginia, L = 
Reston, O = C4 Rampart, OU = NIFI, CN = admin2</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Node Identity 1"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy 
Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>

I read that at start up, authorizations.xml and users.xml would be created by 
NiFi - those files are not to be hand jammed.

So how do I actually get in with my admin2 user?
What have I overlooked on this magical mystery tour?

Reply via email to