Component Level Access Policies
Component level access policies govern the following component level authorizations:
Policy |
Privilege |
---|---|
view the component |
Allows users to view component configuration details |
modify the component |
Allows users to modify component configuration details |
view the data |
Allows user to view metadata and content for this component through provenance data and flowfile queues in outbound connections |
modify the data |
Allows user to empty flowfile queues in outbound connections and submit replays |
view the policies |
Allows users to view the list of users who can view/modify a component |
modify the policies |
Allows users to modify the list of users who can view/modify a component |
receive data via site-to-site |
Allows a port to receive data from NiFi instances |
send data via site-to-site |
Allows a port to send data from NiFi instances |
You can apply access policies to all component types except connections. Connection authorizations are inferred by the individual access policies on the source and destination components of the connection, as well as the access policy of the process group containing the components. This is discussed in more detail in the Creating a Connection and Editing a Connection examples below. |
In order to access List Queue or Delete Queue for a connection, a user requires permission to the "view the data" and "modify the data" policies on the component. In a clustered environment, all nodes must be added to these policies as well, as a user request could be replicated through any node in the cluster. |