Enabling edit access with LDAP authentication

If you configured LDAP authentication for your NiFi cluster, you need to perform additional configuration to enable access to the canvas for the admin user.

On initial deployment with LDAP user authentication, the specified initial admin identity does not have permissions to edit the canvas, resulting in grayed-out Flow controls. You can configure access from the NiFi web UI.

  1. Access the NiFi UI by navigating to https://[***NIFI HOST***]:[***NIFI PORT***]/nifi in a web browser.
    The default [***NIFI PORT***] is 8443.
  2. Log in using the admin user credentials.
  3. Go to Global Menu > Policies > Access Policies.
    You can grant rights by selecting a policy from the drop-down list and then clicking Create.
    Grant at least the following policy to the admin user:
    • view the UI

    The available global access policies are:

    | Policy | Privilege |
    |---|---|
    | view the UI | Allows users to view the UI |
    | access the controller | Allows users to view and modify the controller including Management Controller Services, Reporting Tasks, Registry Clients, Parameter Providers and nodes in the cluster |
    | query provenance | Allows users to submit a provenance search and request event lineage |
    | access restricted components | Allows users to create/modify restricted components assuming other permissions are sufficient. The restricted components may indicate which specific permissions are required. Permissions can be granted for specific restrictions or be granted regardless of restrictions. If permission is granted regardless of restrictions, the user can create/modify all restricted components. |
    | access all policies | Allows users to view and modify the policies for all components |
    | access users/groups | Allows users to view and modify the users and user groups |
    | retrieve site-to-site details | Allows other NiFi instances to retrieve Site-To-Site details |
    | view system diagnostics | Allows users to view System Diagnostics |
    | proxy user requests | Allows proxy machines to send requests on behalf of others |
    | access counters | Allows users to view and modify counters |
  4. Grant the admin user edit permission by right-clicking on the canvas and selecting Manage access policies.
  5. Select an access policy from the drop-down list and click Create to make the Add User button available for the policy. Add the admin user.

    The available component-level access policies are:

    | Policy | Privilege |
    |---|---|
    | view the component | Allows users to view component configuration details |
    | modify the component | Allows users to modify component configuration details |
    | view provenance | Allows users to view provenance events generated by this component |
    | view the data | Allows users to view metadata and content for this component in FlowFile queues in outbound connections and through provenance events |
    | modify the data | Allows users to empty FlowFile queues in outbound connections and submit replays through provenance events |
    | view the policies | Allows users to view the list of users who can view and modify a component |
    | modify the policies | Allows users to modify the list of users who can view and modify a component |
    | retrieve data via site-to-site | Allows a port to receive data from NiFi instances |
    | send data via site-to-site | Allows a port to send data from NiFi instances |
  6. Select view the component and click Create to make the Add User button available for the policy. Add the admin user.
    This provides the admin user write access.
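
To review the resulting grants outside the UI, the following added example (not part of the original documentation) lists which of the policies named on this page an identity holds, directly or through a group. It assumes NiFi's file-based authorizer, which keeps tenants in users.xml and policies in authorizations.xml; the sample XML, the LDAP identity and the ROOT-ID process group identifier are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Assumption: file-based authorizer (users.xml / authorizations.xml).
# Resource path in authorizations.xml -> global policy name used on this page.
GLOBAL = {"/flow": "view the UI", "/controller": "access the controller",
          "/provenance": "query provenance", "/policies": "access all policies",
          "/restricted-components": "access restricted components",
          "/tenants": "access users/groups", "/system": "view system diagnostics",
          "/site-to-site": "retrieve site-to-site details",
          "/proxy": "proxy user requests", "/counters": "access counters"}

# Constructed sample files; identities and identifiers are placeholders.
USERS_XML = """<tenants><groups>
  <group identifier="g-ops" name="ops"><user identifier="u-admin"/></group>
</groups><users>
  <user identifier="u-admin" identity="cn=nifiadmin,ou=users,dc=example,dc=com"/>
</users></tenants>"""
AUTHZ_XML = """<authorizations><policies>
  <policy identifier="p1" resource="/flow" action="R"><user identifier="u-admin"/></policy>
  <policy identifier="p2" resource="/policies" action="W"><user identifier="u-admin"/></policy>
  <policy identifier="p3" resource="/process-groups/ROOT-ID" action="R"><group identifier="g-ops"/></policy>
  <policy identifier="p4" resource="/proxy" action="W"><user identifier="u-other"/></policy>
</policies></authorizations>"""

def grants_for(users_xml, authz_xml, identity):
    """Return {(resource, action)} held by identity directly or through a group."""
    tenants = ET.fromstring(users_xml)
    uid = next((u.get("identifier") for u in tenants.iterfind("users/user")
                if u.get("identity") == identity), None)
    if uid is None:
        raise LookupError(f"identity not found in users file: {identity}")
    gids = {g.get("identifier") for g in tenants.iterfind("groups/group")
            if any(m.get("identifier") == uid for m in g.findall("user"))}
    held = set()
    for pol in ET.fromstring(authz_xml).iterfind("policies/policy"):
        if (any(u.get("identifier") == uid for u in pol.findall("user")) or
                any(g.get("identifier") in gids for g in pol.findall("group"))):
            held.add((pol.get("resource"), pol.get("action")))
    return held

def canvas_report(held, root_group_id):
    """Name the global policies held and the root-canvas policies still missing."""
    root = f"/process-groups/{root_group_id}"
    needed = {("/flow", "R"): "view the UI", (root, "R"): "view the component",
              (root, "W"): "modify the component"}
    return {"global": sorted(f"{GLOBAL[r]} ({a})" for r, a in held if r in GLOBAL),
            "missing": sorted(n for k, n in needed.items() if k not in held)}

if __name__ == "__main__":
    held = grants_for(USERS_XML, AUTHZ_XML, "cn=nifiadmin,ou=users,dc=example,dc=com")
    print(canvas_report(held, "ROOT-ID"))
```

The "global" list is also a quick least-privilege review: broad grants such as proxy user requests or access restricted components show up there if the identity holds them.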