As a CDP administrator, after you create an environment, you must enable
flow-management users to access the environment, utilize resources, and perform tasks in CDP.
Assign the appropriate CDP resource role and one or more Ranger access policies based on the
type of access the user requires. Before you begin, you must review the authorization workflow
to understand the options and the process involved in authorizing users to access flow
management resources.
Resource roles
A CDP resource role grants a user or user-group permission to access and perform tasks on a
resource. A Ranger access policy for flow management contains one or more access rights to
NiFi or NiFi Registry resources.
To learn about CDP resource roles and Ranger policies, see the following documents:
Understanding roles and resource roles
Ranger policies overview
Authorization workflow
The following diagram shows the prerequisites and the workflow involved in authorizing a
flow management user:
You must select one of the following options based on the privileges the user is entitled
to:
If the user requires administrator-level permissions to NiFi and NiFi Registry, assign
the EnvironmentAdmin role.
If the user requires selective permissions to NiFi and NiFi Registry, assign the
EnvironmentAdmin role and add the user to the appropriate
Ranger policies. Optionally, create a custom policy and add the user to it.
