Hello Takanobu,

If the issue doesn't happen with standalone mode, I assume it happens
because the security policy does not allow the NiFi node to "view the
data".

When a user sends a request to a node within a cluster, the node
proxies the request to other nodes within the same cluster.
I'd recommend checking whether conf/authorizers.xml has Node Identity
properties, like this:

<authorizer>
  ...
  <property name="Node Identity 1">CN=localhost, OU=NIFI</property>
</authorizer>

IIRC, if you define the Node Identity before starting the secured
cluster for the first time, NiFi automatically creates the necessary
policies for each node to proxy user requests (I may be wrong on
this...). If you already have the cluster started, then you can add
the NiFi node as a user and then add it to the "view the data" policy
manually (probably the root PG's policy would be the most appropriate
place).

I confirmed that the issue can be reproduced by removing the NiFi node
user from the "view the data" policy.

Please try the above and let us know if it addresses your issue.

Thanks,
Koji

On Tue, Jun 27, 2017 at 1:12 PM, Takanobu Asanuma
<tasan...@yahoo-corp.jp> wrote:
> Hello experts,
>
> When I created a NiFi cluster with security, users can't list any queues
> due to "insufficient permissions" though the users have the permissions.
>
> For example, there is a dataflow which contains processor-A and processor-B,
> and processor-A is connected to processor-B. In this case, even if user1 has
> the policies to view/modify the component/data of processor-A and
> processor-B, he can't list the queue of the processors.
>
> This problem only occurs when the secured NiFi instance is in clustering mode
> (nifi.cluster.is.node=true). If the secured NiFi instance is in standalone mode,
> the problem doesn't happen. I have faced this problem with the latest release
> version, 1.3.0.
>
> Do you have any thoughts?
>
> Thanks,
> Takanobu Asanuma
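
One way to run the conf/authorizers.xml check suggested in the reply, as an added example that is not part of the original thread and not NiFi's own code. The sample file content and the expected node DNs are constructed, and the check assumes NiFi matches identities as exact strings, so a DN that differs only in case or spacing is reported as a near-miss.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/authorizers.xml (not taken from a real cluster).
SAMPLE_AUTHORIZERS_XML = """<authorizers>
  <authorizer>
    <identifier>file-provider</identifier>
    <property name="Initial Admin Identity">CN=admin, OU=NIFI</property>
    <property name="Node Identity 1">CN=node1.example.com, OU=NIFI</property>
    <property name="Node Identity 2">CN=node2.example.com,OU=NIFI</property>
    <property name="Node Identity 3"></property>
  </authorizer>
</authorizers>
"""

def node_identities(xml_text):
    """Return {property name: value} for every non-empty 'Node Identity N' property."""
    found = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.get("name", "")
        value = (prop.text or "").strip()
        if name.startswith("Node Identity") and value:
            found[name] = value
    return found

def _normalize(dn):
    # Lower-case and trim each RDN, only to spot near-misses (ignores escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_nodes(xml_text, expected_dns):
    """Classify each expected node certificate DN as 'ok', 'near-miss' or 'missing'."""
    configured = set(node_identities(xml_text).values())
    normalized = {_normalize(v) for v in configured}
    report = {}
    for dn in expected_dns:
        if dn in configured:
            report[dn] = "ok"
        elif _normalize(dn) in normalized:
            report[dn] = "near-miss"  # same DN apart from case or spacing
        else:
            report[dn] = "missing"
    return report

if __name__ == "__main__":
    expected = [f"CN=node{i}.example.com, OU=NIFI" for i in (1, 2, 3)]  # hypothetical DNs
    for dn, status in check_nodes(SAMPLE_AUTHORIZERS_XML, expected).items():
        print(f"{status:9}  {dn}")
```

A node reported as near-miss or missing is a candidate for the manual step described in the reply: adding the node as a user and granting it the "view the data" policy.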
