Peter,
That was by design. The permissions that are granted were primarily driven
by the existing roles in the 0.x baseline. Provenance permissions were
something that was granted in addition to other roles. However, I do see
that whenever there is an existing flow.xml.gz the initial admin is
I just setup a new NiFi instance and setup myself as the Initial Admin
Identity, I'm currently the only user on the box and I've made no security
changes. I noticed today that I couldn't query provenance.
I had to go in and create a new policy and add myself to it. This seems odd for
an