Peter, That was by design. The permissions that are granted were primarily driven by the existing roles in the 0.x baseline. Provenance permissions were something that was granted in addition to other roles. However, I do see that whenever there is an existing flow.xml.gz the initial admin is also given permission the root Process Group and the data in the root Process Group. This deviates slightly from the 0.x guidance and I could definitely see granting the ability to query provenance in this case too. Feel free to file JIRA for this improvement.
Thanks Matt On Wed, Oct 25, 2017 at 10:01 PM, Peter Wicks (pwicks) <pwi...@micron.com> wrote: > I just setup a new NiFi instance and setup myself as the Initial Admin > Identity, I'm currently the only user on the box and I've made no security > changes. I noticed today that I couldn't query provenance. > > I had to go in and create a new policy and add myself to it. This seems > odd for an initial admin identity, but maybe it's by design? > > Thanks, > Peter >
