Assigning administrator level permissions

As a CDP administrator, assign the EnvironmentAdmin role to enable users to have administrator-level privileges to the environment. With the EnvironmentAdmin role, the user can access and manage environments, Flow Management clusters, and NiFi and NiFi Registry resources. Users can also authorize other users to access flow management resources.

Ensure that you meet the following prerequisites:
  • You created a Flow Management cluster.
  • You determined the permission level for each user.
  1. Click the Environments tab.
  2. Locate the environment.
  3. Click the environment name.
  4. Click Actions > Manage Access.
    The Access page appears.
  5. Locate the user and click Update Roles.
    The Update Resource Role page for the user appears.
  6. Check the EnvironmentAdmin option.
  7. Click Update Roles.
  8. Go back to the Environments tab and locate the environment.
  9. Click Actions > Synchronize Users to FreeIPA.
    The Sync Users window appears.
  10. Click Sync Users.
    This synchronizes the user to the FreeIPA identity management system to enable SSO.
With the EnvironmentAdmin role and membership in the internal NiFi or NiFi Registry groups, the user has the ability to:
  • Access and manage the environment and Flow Management clusters.
  • Authorize users or groups by adding them to Ranger access polices.
  • Modify or create conditions in predefined Ranger access policies.
  • Create new Ranger access policies and create conditions that specify the desired level of access for each user or group.

To authorize flow management users who do not require administrator-level permission, add the users individually or as a group to specific Ranger access policies for selective access to NiFi and NiFi Registry resources. For more information, see Assigning selective permissions to a user.