The error message is saying your user does not have permission to view the data for the given processor.
There is a specific policy for viewing data which is described in the admin guide component policies [1], the policy named "view the data". I think you should be able to create the "view the data" policy on the root process group to allow the user to see all data, but I can't remember off the top of my head. I think the users representing the nodes also might need to be in that policy as well, since in a cluster the requests are being proxied and it needs to ensure the node proxying the user is also authorized to receive the data. [1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policies On Mon, Oct 15, 2018 at 2:20 PM Milan Das <[email protected]> wrote: > > Hello Nifi Team, > > I am having an issue only when cluster mode is on. > > > > Issue is, I am unable to list Queue on secured cluster. It is communicating > on sasl with Zookeeper and the cluster is configured with TLS encryption and > nifi.security.user.login.identity.provider=kerberos-provider > > > > Queue on Success Queue: My flow is simple GenerateFlowFile (success) --> > Funnel. > > > > Yes I added all policies at root level to user nifiadmin1. This works when I > set the cluster to false. > > > > NIFI version : 1.6.0 > > > > > > > > Error: > > > > 2018-10-14 15:03:21,620 INFO [NiFi Web Server-38] > o.a.n.w.s.NiFiAuthenticationFilter Authentication success for > [email protected] > > 2018-10-14 15:03:21,621 INFO [NiFi Web Server-38] > o.a.n.w.a.c.AccessDeniedExceptionMapper identity[[email protected]], > groups[] does not have permission to access the requested resource. Unable to > view the data for Processor with ID 7312084e-0166-1000-0000-00006ef08dd3. > Returning Forbidden response. > > 2018-10-14 15:03:21,623 INFO [NiFi Web Server-40] > o.a.n.w.a.c.AccessDeniedExceptionMapper identity[[email protected]], > groups[] does not have permission to access the requested resource. Node > ip-172-30-1-235.ec2.internal:8443 is unable to fulfill this request due to: > Unable to view the data for Processor with ID > 7312084e-0166-1000-0000-00006ef08dd3. Contact the system administrator. > Returning Forbidden response. > > 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] > o.a.n.w.s.NiFiAuthenticationFilter Attempting request for > (<[email protected]><CN=ip-172-30-1-235.ec2.internal, O=Interset, > ST=California, C=US>) POST > https://ip-172-30-1-235.ec2.internal:8443/nifi-api/flowfile-queues/73121f31-0166-1000-0000-000024972726/listing-requests > (source ip: 172.30.1.235) > > 2018-10-14 15:03:21,633 INFO [NiFi Web Server-138] > o.a.n.w.s.NiFiAuthenticationFilter Authentication success for nifiadmin1@ > > > > Thanks, > > Milan Das >
