Cloudera Docs

Add the user to predefined Ranger access policies

After assigning the EnvronmentUser role to the new user, you must add the user to the appropriate predefined Ranger access policies for NiFi and NiFi Registry. These policies determine what the user can command, control, and observe in a NiFi dataflow or in the NiFi Registry.

Each predefined Ranger access policy confers specific rights to NiFi or NiFi Registry resources. When an authenticated flow-management user attempts to view or modify a NiFi or NiFi Registry resource, the system checks whether the user is associated with the specific Ranger access policy that confers the privileges to perform that action.

For more information, see:

  • Predefined Ranger access policies for NiFi resources
  • Preefined Ranger access policies for NiFi Registry resources
  1. From the base cluster with Ranger, click the Ranger icon.
    The Ranger Service Manager page appears.

    Each cluster in the environment is listed under its respective service. For example, the NiFi clusters in the environment are listed under NiFi.

  2. Select a cluster from either the NiFi or NiFi Registry section.
    The following image shows the list of predefined policies for NiFi:


    The List of Policies page appears.
  3. Click the ID for a policy.
    The following image shows the list of predefined policies for NiFi:


    The Edit Policy page appears.
  4. In the Allow Conditions section, add the user or the user group to the Select User field.
  5. Click Save.
The user now has the NiFi and NiFi Registry rights according to the policies you added the user or user group to. These rights are inherited down the hierarchy unless there is a more specific policy on a component.
Complete the steps listed in Create a Custom Access Policy.