Initial Admin Identity can't query provenance?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Initial Admin Identity can't query provenance?

Peter Wicks (pwicks)
I just setup a new NiFi instance and setup myself as the Initial Admin Identity, I'm currently the only user on the box and I've made no security changes. I noticed today that I couldn't query provenance.

I had to go in and create a new policy and add myself to it. This seems odd for an initial admin identity, but maybe it's by design?

Thanks,
  Peter
Reply | Threaded
Open this post in threaded view
|

Re: Initial Admin Identity can't query provenance?

Matt Gilman
Peter,

That was by design. The permissions that are granted were primarily driven
by the existing roles in the 0.x baseline. Provenance permissions were
something that was granted in addition to other roles. However, I do see
that whenever there is an existing flow.xml.gz the initial admin is also
given permission the root Process Group and the data in the root Process
Group. This deviates slightly from the 0.x guidance and I could definitely
see granting the ability to query provenance in this case too. Feel free to
file JIRA for this improvement.

Thanks

Matt

On Wed, Oct 25, 2017 at 10:01 PM, Peter Wicks (pwicks) <[hidden email]>
wrote:

> I just setup a new NiFi instance and setup myself as the Initial Admin
> Identity, I'm currently the only user on the box and I've made no security
> changes. I noticed today that I couldn't query provenance.
>
> I had to go in and create a new policy and add myself to it. This seems
> odd for an initial admin identity, but maybe it's by design?
>
> Thanks,
>   Peter
>