Ralph, I'm guessing that every user is not disabled since you said that you are manually adding them back in through the UI. Is there anything in common with the user's that are being revoked?
To follow up on Clarke's comment... As your updating the users through the UI, the authorized-users.xml file should be updated to reflect those changes. Are you seeing any errors logged there? Can you confirm that the authorized-users.xml is accurate at that point? Matt On Tue, Jul 26, 2016 at 1:31 PM, Perko, Ralph J <[email protected]> wrote: > Thanks for the responses. > > Matt Clarke: The permissions look fine. Nifi runs as user “nifi” and all > files are owned by “nifi” (with write permissions of course) > > Matt Gilman: > As far as additional logging here is what I found – No errors of any sort: > > 016-07-25 16:10:59,420 INFO [main] > o.a.nifi.admin.UserDataSourceFactoryBean Existing database found and > connected to at: > jdbc:h2:./database_repository/nifi-users;AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE > 2016-07-25 16:10:59,473 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User account already created: > <enabled user 1>. Updating authorities... > 2016-07-25 16:10:59,485 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User account already > created: <enabled user 2>. Updating authorities... > 2016-07-25 16:10:59,487 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User account already > created: <enabled user 3>. Updating authorities... > 2016-07-25 16:10:59,492 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User account already > created: <enabled user 4>. Updating authorities... > 2016-07-25 16:10:59,494 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User account already > created:<enabled user 5>. Updating authorities… > .. > 2016-07-25 16:10:59,508 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User not authorized with configured > provider: <disabled user 1>. Disabling account... > 2016-07-25 16:10:59,509 INFO [main] > o.a.n.a.s.action.SeedUserAccountsAction User not authorized with configured > provider: <disabled user 2>. Disabling account... > … > > From: Matthew Clarke <[email protected]> > Reply-To: "[email protected]" <[email protected]> > Date: Tuesday, July 26, 2016 at 10:03 AM > To: "[email protected]" <[email protected]> > Subject: Re: authentication problem > > Verify the user running your nifi has the correct permissions to read and > edit all the database files in the NiFi database repository directory. Also > make sure the user running NiFi had permissions to edit the > authorized-users.xml file. This file is only read on start-up. After nifi > is running it operates solely from the memory and DBs. My guess is here > that nifi can not update the authorized-users.xml file with the changes you > are making in the User management UI. > > Thanks, > Matt > > On Jul 26, 2016 12:47 PM, "Perko, Ralph J" <[email protected]> wrote: > > Hi – whenever we restart Nifi half the accounts are disabled with this > message: > > INFO [main] o.a.n.a.s.action.SeedUserAccountsAction User not authorized > with configured provider: <user-id>. Disabling account... > > The users are in the authorized-users.xml file. Is this a configuration > issue on our part or a bug? It is curious that not all the accounts get > disabled only some and it is always the same accounts. > > To re-enable the accounts I go into the users page, select the disabled > user (click the little pencil) and click ‘apply’ with no changes - the > account is re-enabled. > > Details: > Nifi 0.6.1 > authority-providers.xml: default file provider > login-identy-management.xml: kerberos-provider (corporate system – > everyone is in it) > authorized-users.xml:setup for each user > > Thanks, > Ralph > > >
