I think I see the issue and someone else just submitted a similar JIRA [1]
which is caused by the same bug. When using an authentication which will
use the API tokens, download requests are processed using a one-time
password token (since they become part of the URL). These are only honored
for certain endpoints which do not appear correct.

As a work-around, you could use clients certificates, download via a curl
command, or use View as it is not subject to the same endpoint check (when
not clustered).

Matt

[1] https://issues.apache.org/jira/browse/NIFI-2797

On Tue, Sep 20, 2016 at 12:02 PM, Peter Wicks (pwicks) <pwi...@micron.com>
wrote:

> Andre/Matt,
>
>
>
> Sorry, my memory was wrong. My experience matches Andre’s, it only errors
> when I click Download; View is fine.
>
>
>
> We are running a customized build of 1.0 and I made the assumption that
> this was an issue caused by a bad merge on our part and wasn’t paying it
> much attention. I have not submitted a JIRA ticket.
>
>
>
> We are not clustered, running Kerberos for authentication.
>
>
>
> Thanks,
>
>   Peter
>
>
>
>
>
> *From:* Matt Gilman [mailto:matt.c.gil...@gmail.com]
> *Sent:* Tuesday, September 20, 2016 9:55 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: Download item from queue - what permission is required?
>
>
>
> Downloading and viewing should be the same permissions. If you're seeing
> otherwise please file a JIRA with the details. Is the instance clustered,
> what permissions to you have set on the source component, etc?
>
>
>
> Andre,
>
>
>
> The 'view the data' is the correct policy that you need to configure. Is
> your instance clustered or are there anything proxying user requests? And
> endpoint that will be transferring 'data' (or 'metadata' like flow file
> attributes) will require that every link is the chain has the 'view the
> data' policy enabled. This ensures that every system between the user and
> NiFi is authorized to have the data.
>
>
>
> Let me know if that helps.
>
>
>
> Matt
>
>
>
> On Tue, Sep 20, 2016 at 11:41 AM, Andre <andre-li...@fucs.org> wrote:
>
> Peter,
>
>
>
> Quite curious as I am able to view the flowfile but unable to download it.
>
> Seems something we should either document (how to setup properly) or to
> fix in the next release.
>
>
>
> Have you already raised a JIRA?
>
>
>
>
>
> On Wed, Sep 21, 2016 at 12:30 AM, Peter Wicks (pwicks) <pwi...@micron.com>
> wrote:
>
> No help here, except to share that I’ve also seen this error.  I’ve been
> working around it by downloading the FlowFile instead of viewing it.
>
>
>
> *From:* Andre [mailto:andre-li...@fucs.org]
> *Sent:* Monday, September 19, 2016 11:18 PM
> *To:* users@nifi.apache.org
> *Subject:* Download item from queue - what permission is required?
>
>
>
> Hi there,
>
>
>
>
>
> I am puzzled but one of 1.0.0 features. I had some flowfiles in the queue
> and as customary I did a list queue.
>
>
>
> Flowfile was in there, attributes in perfect shape. Yet when I try to
> download the data of the flowfile (i.e. click the download button) it
> reports I don't have permissions.
>
>
>
> I would assume the permissions required would be "view the data"?
>
>
>
>
>
> Cheers
>
>
>
>
>

Reply via email to