Authorization example
You can review this example to understand how you can enable a flow-management user to perform specific tasks like setting up version control for a flow, by assigning the appropriate Ranger policies.
User A must be able to do the following tasks:
- Access the NiFi UI.
- Export a flow.
- View data queued in connections.
- View data flowing through.
- Use a NiFi SSLContextService to connect to SSL-enabled systems.
- Set up version control for a flow.
Complete the following steps to enable User A to perform the required tasks:
- Add User A to the predefined Ranger access policy for NiFi, Flow.
Set the permissions to Read.
The Flow policy gives the user the right to view the NiFi UI.
- Create a Ranger access policy for NiFi with:
- Resource descriptor:
/data/process-groups/<ID of process-group> - Permission: Read and Write
Add User A to this custom policy. The policy gives the user the right to export the data, view the data that is queued and flowing through the connections.
- Resource descriptor:
- Create a Ranger access policy for NiFi with:
- Resource descriptor:
/controller-service/<ID of SSL Context Service> - Permission: Read
Add User A to this custom policy. The policy gives the user the right to use the specified SSLContextService in their flows to connect to SSL-enabled systems.
- Resource descriptor:
- Create a Ranger access policy for NiFi Registry with:
- Resource descriptor:
/buckets/<ID of bucket> - Permission: Read, Write, and Delete
Add User A to this custom policy. The policy gives the user the right to set up version control for a flow.
- Resource descriptor:
