User authorization

As a CDP administrator, after you create an environment, you must enable flow-management users to access the environment, utilize resources, and perform tasks in CDP. Assign the appropriate CDP resource role and one or more Ranger access policies based on the type of access the user requires. Before you begin, you must review the authorization workflow to understand the options and the process involved in authorizing users to access flow management resources.

Resource roles

A CDP resource role grants a user or user-group permission to access and perform tasks on a resource. A Ranger access policy for flow management contains one or more access rights to NiFi or NiFi Registry resources.

To learn about CDP resource roles and Ranger policies, see the following documents:
  • Understanding roles and resource roles
  • Ranger policies overview

Authorization workflow

The following diagram shows the prerequisites and the workflow involved in authorizing a flow management user:

You must select one of the following options based on the privileges the user is entitled to:
  • If the user requires administrator-level permissions to NiFi and NiFi Registry, assign the EnvironmentAdmin role.
  • If the user requires selective permissions to NiFi and NiFi Registry, assign the EnvironmentAdmin role and add the user to the appropriate Ranger policies. Optionally, create a custom policy and add the user to it.