Mark, Adding the user and then granting that user permissions to 'view the user interface' is all that is required for the user to access the UI. If you check out the nifi-user.log you should be able to see which request failed. In the coming 1.2.0 release, we've made the authorization error messages more meaningful which should make it easier to see which policies the user is lacking.
Subsequently, the user can be granted to various parts of data flow (through the policies access from the canvas Operate palette). This will allow the user to see the types/configuration of various components and/or modify them. Without these permissions, the user can still see the data flow but they will not be able to see details of those components. Matt On Fri, Feb 24, 2017 at 12:32 PM, Mark Bean <[email protected]> wrote: > I am attempting to apply Access Policies appropriately. As a very first > step, I want to grant a user access to the UI. From the global menu, I > chose Users and added the user. Then, again from the global menu, I chose > Policies. I added the user to "view the user interface" and "access the > controller" ("view" only; not "modify"). > > When this failed to give the user access, I went to the component level > policy at the root of the graph (i.e. "NiFi Flow" process group). I granted > "view the component". > > With the above policies, the user receives a message that states "Unable to > perform the desired action due to insufficient permissions. Contact the > system administrator." > > How do I grant a user access to the UI? > > The Admin Guide has a section on Access Policy Configuration Examples. > However, it begins with "The following scenarios assume User1 is an > administrator and User2 is a newly added user that has only been given > access to the UI." Suggestion: create a new example scenario which > demonstrates "has been given access to the UI". > > Thanks, > Mark >
