Return-Path: <dev-return-14772-archive-asf-public=cust-asf.ponee.io@nifi.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id D04BB200CC5
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 27 Jun 2017 06:12:51 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id CEC7D160BDE; Tue, 27 Jun 2017 04:12:51 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id EDAF7160BDA
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 27 Jun 2017 06:12:50 +0200 (CEST)
Received: (qmail 83061 invoked by uid 500); 27 Jun 2017 04:12:50 -0000
Mailing-List: contact dev-help@nifi.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@nifi.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@nifi.apache.org>
List-Post: <mailto:dev@nifi.apache.org>
List-Id: <dev.nifi.apache.org>
Reply-To: dev@nifi.apache.org
Delivered-To: mailing list dev@nifi.apache.org
Received: (qmail 83039 invoked by uid 99); 27 Jun 2017 04:12:49 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Jun 2017 04:12:49 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id DA85D1A0321
	for <dev@nifi.apache.org>; Tue, 27 Jun 2017 04:12:48 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.801
X-Spam-Level: 
X-Spam-Status: No, score=-0.801 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=yahoo-corp.jp header.b=hDE+EXJS;
	dkim=pass (1024-bit key) header.d=yjcorp.onmicrosoft.com
	header.b=EKmfFGbU
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id t9Q-qZfBS9SD for <dev@nifi.apache.org>;
	Tue, 27 Jun 2017 04:12:46 +0000 (UTC)
Received: from obrelay04.is.kks.yahoo.co.jp (obrelay04.is.kks.yahoo.co.jp [114.111.94.245])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 2D9955FB71
	for <dev@nifi.apache.org>; Tue, 27 Jun 2017 04:12:44 +0000 (UTC)
Received: from corp-ob06.is.ssk.ynwp.yahoo.co.jp (corp-ob06.is.ssk.ynwp.yahoo.co.jp [182.22.89.23])
 by obrelay04.is.kks.yahoo.co.jp (Mailer-Daemon) with ESMTP id v5R4CaFl006071
 for <dev@nifi.apache.org>; Tue, 27 Jun 2017 13:12:36 +0900
Received: from yjwex2cas01.yjoffice.local (yjwex2cas01.is.bbt.yahoo.co.jp [172.22.15.53])
	by corp-ob06.is.ssk.ynwp.yahoo.co.jp (Postfix) with ESMTP id EEC1B120048
	for <dev@nifi.apache.org>; Tue, 27 Jun 2017 13:12:35 +0900 (JST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-corp.jp;
	s=default; t=1498536756;
	bh=8ZVhe9W5fKGoRhXYocEOFZ77EBEB39vSoQpyT64co50=;
	h=From:To:Subject:Date;
	b=hDE+EXJSxA6gYkeQrVsr2dqK6W6Sb/YGAz0XnKcfJyI3bbu8bG4eG3VhM8uJG6FwS
	 SAFW9iUSw951rRe1/+ehZJ8Jl4d60dHUIC15iv+p5arfbWLY6zKauIqZ8nY/Oe0BWu
	 gqv3zIhwD2MraQg2WXqoTl9pOkr9vImG3/QhtSds=
Received: from yjwex2mbx01.yjoffice.local (172.22.15.58) by
 yjwex2cas01.yjoffice.local (172.22.15.53) with Microsoft SMTP Server (TLS) id
 15.0.1104.5; Tue, 27 Jun 2017 13:12:35 +0900
Received: from yjwex2cas03.yjoffice.local (172.22.15.55) by
 yjwex2mbx01.yjoffice.local (172.22.15.58) with Microsoft SMTP Server (TLS) id
 15.0.1104.5; Tue, 27 Jun 2017 13:12:35 +0900
Received: from yjwex2edge02.yjoffice.local (103.2.245.142) by
 yjwex2cas03.yjoffice.local (172.22.15.52) with Microsoft SMTP Server id
 15.0.1104.5 via Frontend Transport; Tue, 27 Jun 2017 13:12:35 +0900
Received: from APC01-SG2-obe.outbound.protection.outlook.com (65.55.88.242) by
 yjwex2edge02.yahoo-corp.jp (103.2.245.142) with Microsoft SMTP Server (TLS)
 id 15.0.1104.5; Tue, 27 Jun 2017 13:12:32 +0900
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=yjcorp.onmicrosoft.com; s=selector1-yahoocorp-jp01c;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=8ZVhe9W5fKGoRhXYocEOFZ77EBEB39vSoQpyT64co50=;
 b=EKmfFGbUTeMgtnejct5bojQJRWAXIpkygs8utbS1+pBrU9n3SP2I/5xcSbuW+2HFlQKhm0qxf6VcNtAeKp5Hllg/sniGuvd/bnphu5bXYzeTc8B13jIiLRGDAnINM5RipLGuMC0F/wjUp4JHMN/8dysSwL2zUWRvfE8+drSngmQ=
Received: from SG2PR03MB0716.apcprd03.prod.outlook.com (10.161.10.142) by
 SG2PR03MB1470.apcprd03.prod.outlook.com (10.169.54.140) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1220.5; Tue, 27 Jun 2017 04:12:33 +0000
Received: from SG2PR03MB0716.apcprd03.prod.outlook.com
 ([fe80::68c3:3b08:4cab:8f81]) by SG2PR03MB0716.apcprd03.prod.outlook.com
 ([fe80::68c3:3b08:4cab:8f81%17]) with mapi id 15.01.1220.011; Tue, 27 Jun
 2017 04:12:34 +0000
From: Takanobu Asanuma <tasanuma@yahoo-corp.jp>
To: "dev@nifi.apache.org" <dev@nifi.apache.org>
Subject: Authorization problems of NiFi secured cluster
Thread-Topic: Authorization problems of NiFi secured cluster
Thread-Index: AdLu+vWZ32Y1mMFASbuGw6EnFY4Kiw==
Date: Tue, 27 Jun 2017 04:12:34 +0000
Message-ID: <SG2PR03MB0716A4E4C4C211F4A3D5DB658DDC0@SG2PR03MB0716.apcprd03.prod.outlook.com>
Accept-Language: ja-JP, en-US
Content-Language: ja-JP
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: nifi.apache.org; dkim=none (message not signed)
 header.d=none;nifi.apache.org; dmarc=none action=none
 header.from=yahoo-corp.jp;
x-originating-ip: [211.14.8.250]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;SG2PR03MB1470;7:OuKP56MRKSn/4QqsZV9Xovy3nULV3+igUL60Wh7gcSqoNRgD7qDDcVwVS9RQZ3LYOvlNrZ3RXF1zNeufwnYNf0HKTKWHvBFYc+X2Vfk8SDArr3AEYb/pJlWII/QYmFf+dEWar967ReXCt/S+0WuOd5QJOV9IlBpEy7LMr0H+Z7AH6ul/j7yxSXV2kIT+yC8+1WBk1ROITXtKHa/WbXXHp4K20gPg1UvjBbewGoBgAIAfhxJS126xZf9dNXzfrW3KljBQSVxwndhEpiF+Afbl6UDZkoGcwNFRLziakWD6iPWWTmFYM6g2nrjImDhOhOimKUMFHC4z8TTPY8hfcqA3KnlSkPF4K763VRuwySLTLphLVgRHSP8DJnkA9+yq+t0eeCB6SlU21pcSY0w77s5ZM7APhY9pieXZxcNXn1kfoVpc5McrPWRgUWO3FWKh0rjUDjXwWokHNV/wk0bDzYh+7F60eilNXXGI9p/h+NkZZvFkU7Fd6u418BAmJukJtm75PfN1jd8H8BhcWxmimCBV8ST0EgUMc9/7ueJkLoX9Ieg3X03H/MGRu2YPyccfcg8Yh/b3OR8TD3kriDQNoZmeSrVU+UYPMRZnCNQwlCgYlGKenflFenToheJGtn83OXND3mj2ggc4A5QRKlEiwp4ZZfqJ3R109eKYiCE+KiOYUo2m6nn1xyshELC3WHKfuZqXRY+/beVP42loZ54+1vutpr07fQ0kSxzNXwc/cYrvz8bettKZf221tXZJLuDHW5EOZ2GKcV0l1sf2aRWvxOayjKfGpXKCSB6o6fPYmFWrLlY=
x-ms-office365-filtering-correlation-id: 181cd5ea-ba98-43fc-a6cc-08d4bd12bcf5
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506067)(300135500095);SRVR:SG2PR03MB1470;
x-ms-traffictypediagnostic: SG2PR03MB1470:
x-microsoft-antispam-prvs: <SG2PR03MB1470DB091D40DA42BCD106CC8DDC0@SG2PR03MB1470.apcprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(236129657087228)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(10201501046)(3002001)(93006095)(93001095)(6041248)(20161123558100)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:SG2PR03MB1470;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:SG2PR03MB1470;
x-forefront-prvs: 0351D213B3
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(6009001)(6029001)(39450400003)(39830400002)(39410400002)(39400400002)(86362001)(2900100001)(99286003)(9686003)(1730700003)(55016002)(33656002)(53936002)(81166006)(6436002)(6916009)(5640700003)(6506006)(8936002)(38730400002)(189998001)(7736002)(3846002)(6116002)(8676002)(110136004)(74482002)(478600001)(2906002)(50986999)(54356999)(2351001)(14454004)(7696004)(102836003)(5660300001)(305945005)(3280700002)(3660700001)(66066001)(25786009)(85182001)(2501003)(5250100002)(74316002);DIR:OUT;SFP:1102;SCL:1;SRVR:SG2PR03MB1470;H:SG2PR03MB0716.apcprd03.prod.outlook.com;FPR:;SPF:None;MLV:sfv;LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jun 2017 04:12:34.2421
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a208d369-cd4e-4f87-b119-98eaf31df2c3
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR03MB1470
archived-at: Tue, 27 Jun 2017 04:12:52 -0000

Hello experts,

When I created a NiFi cluster with security, any users can't list any queue=
s due to "insufficient permissions" though the users have the permissions.

For example, there is a dataflow which contains processor-A and processor-B=
, and processor-A is connecting to processor-B. In this case, even if user1=
 has the policies which are view/modify the component/data of processor-A a=
nd processor-B, he can't list the queue of the processors.

This problem only occurs when the secured NiFi instance is clustering mode =
(nifi.cluster.is.node=3Dtrue). If secured NiFi instance is standalone mode,=
 the problem doesn't happen. I have faced this problem with the latest rele=
ase version, 1.3.0.

Do you have any thoughts?

Thanks,
Takanobu Asanuma