Giving access to your cluster

As an EnvironmentAdmin, you need provide users access to your environment and to the new Flow Management cluster by assigning user roles and adding users to Ranger policies.

The cluster you have created using the Flow Management cluster definition is kerberized and secured with SSL. Users can access cluster UIs and endpoints through a secure gateway powered by Apache Knox. Before you can begin developing data flows, you must give users access to the Flow Management cluster components.
  1. Assign the EnvironmentUser role to the users to grant access to the CDP environment and the Flow Management cluster.
  2. Sync the updated user permissions to the Data Lake (Ranger) using Actions > Synchronize Users to FreeIPA.
    This synchronizes the user to the FreeIPA identity management system to enable SSO.
  3. Add the user to the appropriate pre-defined Ranger policies.
    To access the NiFi canvas and view or manage NiFi resources, the user must be assigned to at least:
    • Flow
    • Root Process Group
    If needed, you can also create a custom Ranger access policy and add the user to it.
    For more information, see Flow Management security overview.