If your instance is clustered, you'll need to authorize the nodes with the data policies as well. Any 'data-plane' endpoint (where data or meta-data is returned or modified) will require the nodes in the request chain to also be approved for access as the data will traverse some of them when the request is replicated. 'Control-plane' endpoints (where data flow configuration is retrieved/modified) are not subject to the additional check.
FYI, there was a recent improvement committed the master branch that provides some level of details regarding the insufficient privileges. This should make it into the next release (1.2.0). Matt On Tue, Jan 10, 2017 at 9:36 AM, Alessio Palma < [email protected]> wrote: > Hello all, > I'm checking nifi 1.1.1 before moving it to production and something weird > is happening when I try to empty a queue. > System replies telling I'm unable to perform the desired action due to > insufficient permissions. My user has any available rule. > What can I check ? > Any suggestions? > > Thanks in advance for your time. > > > >
