You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by Shawn Weeks <sw...@weeksconsulting.us> on 2021/04/28 13:06:19 UTC
Insufficient Permission to Clear Queue
On a new NiFi 1.13.2 installation I'm receiving an Insufficient Permission error when I try and clear a queue on the root canvas. My user is a member of a local group called "admin" that has been assigned every permission on the root canvas include "view the data", "modify the data", etc, as well as everything under the system policies. I can't figure out what permission I'm missing. I also can't view the queue either.
2021-04-28 13:01:44,874 INFO [NiFi Web Server-324] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
2021-04-28 13:01:44,875 INFO [NiFi Web Server-324] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[sweeks], groups[admin] does not have permission to access the requested resource. Unable to modify the data for Processor with ID 1887dab4-0179-1000-ffff-ffff99018b60. Returning Forbidden response.
2021-04-28 13:01:44,876 INFO [NiFi Web Server-312] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<sweeks><node1.example.org><node2.example.orgl>) POST https://node1.example.org:8443/nifi-api/flowfile-queues/18882d1e-0179-1000-0000-000004f46c76/drop-requests (source ip: 10.208.126.182)
2021-04-28 13:01:44,876 INFO [NiFi Web Server-312] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
Thanks
Shawn
Re: Insufficient Permission to Clear Queue
Posted by Joe Witt <jo...@gmail.com>.
Shawn
Yeah probably not our best response to help you figure out and resolve the
issue on your own. Please file a JIRA with what the settings where, what
you tried and received, and how you fixed and why it was confusing. Just
so whoever picks that up will have the context and can make it more like
what would have helped you understand and resolve the issue sooner.
Thanks
On Wed, Apr 28, 2021 at 7:46 AM Shawn Weeks <sw...@weeksconsulting.us>
wrote:
> And that was it, but shouldn’t the error message have listed the node as
> not having permission instead of saying my user didn’t have permission?
>
>
>
> This right here is totally a lie because my user did have the permission
> it was the node itself that didn’t and that’s not mentioned anywhere in the
> error.
>
>
>
> AccessDeniedExceptionMapper identity[sweeks], groups[admin] does not have
> permission to access the requested resource.
>
>
>
> Thanks
>
> Shawn
>
>
>
> *From:* Chris Sampson <ch...@naimuri.com>
> *Sent:* Wednesday, April 28, 2021 9:08 AM
> *To:* users@nifi.apache.org
> *Subject:* Re: Insufficient Permission to Clear Queue
>
>
>
> Do all of the NiFi instances themselves have the same permissions?
>
>
>
> Both the operating user (i.e. you) and the Node Identities within the
> cluster need to have permissions for viewing and modifying data (had this
> issue myself earlier today until I remembered what was needed).
>
>
>
>
> ---
>
> *Chris Sampson*
>
> IT Consultant
>
> chris.sampson@naimuri.com
>
> <https://www.naimuri.com/>
>
>
>
>
>
> On Wed, 28 Apr 2021 at 14:06, Shawn Weeks <sw...@weeksconsulting.us>
> wrote:
>
> On a new NiFi 1.13.2 installation I’m receiving an Insufficient Permission
> error when I try and clear a queue on the root canvas. My user is a member
> of a local group called “admin” that has been assigned every permission on
> the root canvas include “view the data”, “modify the data”, etc, as well as
> everything under the system policies. I can’t figure out what permission
> I’m missing. I also can’t view the queue either.
>
>
>
> 2021-04-28 13:01:44,874 INFO [NiFi Web Server-324]
> o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
>
> 2021-04-28 13:01:44,875 INFO [NiFi Web Server-324]
> o.a.n.w.a.c.AccessDeniedExceptionMapper identity[sweeks], groups[admin]
> does not have permission to access the requested resource. Unable to modify
> the data for Processor with ID 1887dab4-0179-1000-ffff-ffff99018b60.
> Returning Forbidden response.
>
> 2021-04-28 13:01:44,876 INFO [NiFi Web Server-312]
> o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<sweeks><
> node1.example.org><node2.example.orgl>) POST
> https://node1.example.org:8443/nifi-api/flowfile-queues/18882d1e-0179-1000-0000-000004f46c76/drop-requests
> (source ip: 10.208.126.182)
>
> 2021-04-28 13:01:44,876 INFO [NiFi Web Server-312]
> o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
>
>
>
> Thanks
>
> Shawn
>
>
RE: Insufficient Permission to Clear Queue
Posted by Shawn Weeks <sw...@weeksconsulting.us>.
And that was it, but shouldn’t the error message have listed the node as not having permission instead of saying my user didn’t have permission?
This right here is totally a lie because my user did have the permission it was the node itself that didn’t and that’s not mentioned anywhere in the error.
AccessDeniedExceptionMapper identity[sweeks], groups[admin] does not have permission to access the requested resource.
Thanks
Shawn
From: Chris Sampson <ch...@naimuri.com>
Sent: Wednesday, April 28, 2021 9:08 AM
To: users@nifi.apache.org
Subject: Re: Insufficient Permission to Clear Queue
Do all of the NiFi instances themselves have the same permissions?
Both the operating user (i.e. you) and the Node Identities within the cluster need to have permissions for viewing and modifying data (had this issue myself earlier today until I remembered what was needed).
---
Chris Sampson
IT Consultant
chris.sampson@naimuri.com<ma...@naimuri.com>
[https://docs.google.com/uc?export=download&id=1oPtzd0P7DqtuzpjiTRAa6h6coFitpqom&revid=0B9aXwC5rMc6lVlZ2OWpUaVlFVmUwTlZBdjQ0KzAxb1dZS2hJPQ]<https://www.naimuri.com/>
On Wed, 28 Apr 2021 at 14:06, Shawn Weeks <sw...@weeksconsulting.us>> wrote:
On a new NiFi 1.13.2 installation I’m receiving an Insufficient Permission error when I try and clear a queue on the root canvas. My user is a member of a local group called “admin” that has been assigned every permission on the root canvas include “view the data”, “modify the data”, etc, as well as everything under the system policies. I can’t figure out what permission I’m missing. I also can’t view the queue either.
2021-04-28 13:01:44,874 INFO [NiFi Web Server-324] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
2021-04-28 13:01:44,875 INFO [NiFi Web Server-324] o.a.n.w.a.c.AccessDeniedExceptionMapper identity[sweeks], groups[admin] does not have permission to access the requested resource. Unable to modify the data for Processor with ID 1887dab4-0179-1000-ffff-ffff99018b60. Returning Forbidden response.
2021-04-28 13:01:44,876 INFO [NiFi Web Server-312] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<sweeks><node1.example.org<http://node1.example.org>><node2.example.orgl>) POST https://node1.example.org:8443/nifi-api/flowfile-queues/18882d1e-0179-1000-0000-000004f46c76/drop-requests (source ip: 10.208.126.182)
2021-04-28 13:01:44,876 INFO [NiFi Web Server-312] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
Thanks
Shawn
Re: Insufficient Permission to Clear Queue
Posted by Chris Sampson <ch...@naimuri.com>.
Do all of the NiFi instances themselves have the same permissions?
Both the operating user (i.e. you) and the Node Identities within the
cluster need to have permissions for viewing and modifying data (had this
issue myself earlier today until I remembered what was needed).
---
*Chris Sampson*
IT Consultant
chris.sampson@naimuri.com
<https://www.naimuri.com/>
On Wed, 28 Apr 2021 at 14:06, Shawn Weeks <sw...@weeksconsulting.us> wrote:
> On a new NiFi 1.13.2 installation I’m receiving an Insufficient Permission
> error when I try and clear a queue on the root canvas. My user is a member
> of a local group called “admin” that has been assigned every permission on
> the root canvas include “view the data”, “modify the data”, etc, as well as
> everything under the system policies. I can’t figure out what permission
> I’m missing. I also can’t view the queue either.
>
>
>
> 2021-04-28 13:01:44,874 INFO [NiFi Web Server-324]
> o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
>
> 2021-04-28 13:01:44,875 INFO [NiFi Web Server-324]
> o.a.n.w.a.c.AccessDeniedExceptionMapper identity[sweeks], groups[admin]
> does not have permission to access the requested resource. Unable to modify
> the data for Processor with ID 1887dab4-0179-1000-ffff-ffff99018b60.
> Returning Forbidden response.
>
> 2021-04-28 13:01:44,876 INFO [NiFi Web Server-312]
> o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<sweeks><
> node1.example.org><node2.example.orgl>) POST
> https://node1.example.org:8443/nifi-api/flowfile-queues/18882d1e-0179-1000-0000-000004f46c76/drop-requests
> (source ip: 10.208.126.182)
>
> 2021-04-28 13:01:44,876 INFO [NiFi Web Server-312]
> o.a.n.w.s.NiFiAuthenticationFilter Authentication success for sweeks
>
>
>
> Thanks
>
> Shawn
>