I think I see the issue and someone else just submitted a similar JIRA [1] which is caused by the same bug. When using an authentication which will use the API tokens, download requests are processed using a one-time password token (since they become part of the URL). These are only honored for certain endpoints which do not appear correct.
As a work-around, you could use clients certificates, download via a curl command, or use View as it is not subject to the same endpoint check (when not clustered). Matt [1] https://issues.apache.org/jira/browse/NIFI-2797 On Tue, Sep 20, 2016 at 12:02 PM, Peter Wicks (pwicks) <[email protected]> wrote: > Andre/Matt, > > > > Sorry, my memory was wrong. My experience matches Andre’s, it only errors > when I click Download; View is fine. > > > > We are running a customized build of 1.0 and I made the assumption that > this was an issue caused by a bad merge on our part and wasn’t paying it > much attention. I have not submitted a JIRA ticket. > > > > We are not clustered, running Kerberos for authentication. > > > > Thanks, > > Peter > > > > > > *From:* Matt Gilman [mailto:[email protected]] > *Sent:* Tuesday, September 20, 2016 9:55 AM > *To:* [email protected] > *Subject:* Re: Download item from queue - what permission is required? > > > > Downloading and viewing should be the same permissions. If you're seeing > otherwise please file a JIRA with the details. Is the instance clustered, > what permissions to you have set on the source component, etc? > > > > Andre, > > > > The 'view the data' is the correct policy that you need to configure. Is > your instance clustered or are there anything proxying user requests? And > endpoint that will be transferring 'data' (or 'metadata' like flow file > attributes) will require that every link is the chain has the 'view the > data' policy enabled. This ensures that every system between the user and > NiFi is authorized to have the data. > > > > Let me know if that helps. > > > > Matt > > > > On Tue, Sep 20, 2016 at 11:41 AM, Andre <[email protected]> wrote: > > Peter, > > > > Quite curious as I am able to view the flowfile but unable to download it. > > Seems something we should either document (how to setup properly) or to > fix in the next release. > > > > Have you already raised a JIRA? > > > > > > On Wed, Sep 21, 2016 at 12:30 AM, Peter Wicks (pwicks) <[email protected]> > wrote: > > No help here, except to share that I’ve also seen this error. I’ve been > working around it by downloading the FlowFile instead of viewing it. > > > > *From:* Andre [mailto:[email protected]] > *Sent:* Monday, September 19, 2016 11:18 PM > *To:* [email protected] > *Subject:* Download item from queue - what permission is required? > > > > Hi there, > > > > > > I am puzzled but one of 1.0.0 features. I had some flowfiles in the queue > and as customary I did a list queue. > > > > Flowfile was in there, attributes in perfect shape. Yet when I try to > download the data of the flowfile (i.e. click the download button) it > reports I don't have permissions. > > > > I would assume the permissions required would be "view the data"? > > > > > > Cheers > > > > >
