Apache NiFi Security Reference
Also available as:
PDF

ShellUserGroupProvider

The ShellUserGroupProvider fetches user and group details from Unix-like systems using shell commands.

This provider executes various shell pipelines with commands such as getent on Linux and dscl on MacOS.

Supported systems may be configured to retrieve users and groups from an external source, such as LDAP or NIS. In these cases the shell commands will return those external users and groups. This provides administrators another mechanism to integrate user and group directory services.

The ShellUserGroupProvider has the following properties:

Property Name Description

Exclude Users

Regular expression used to exclude users. Default is '', which means no users are excluded.

Initial Refresh Delay

Duration of initial delay before first user and group refresh. (i.e. 10 secs). Default is 5 mins.

Refresh Delay

Duration of delay between each user and group refresh. (i.e. 10 secs). Default is 5 mins.

Exclude Groups

Regular expression used to exclude groups. Default is '', which means no groups are excluded.

Like LdapUserGroupProvider, the ShellUserGroupProvider is commented out in the authorizers.xml file. Refer to that comment for usage examples.