Configuring Ranger policies for site-to-site communication

To allow NiFi's site-to-site communication between Cloudera on cloud and Cloudera Base on premises clusters, you need to configure Ranger authorization between the two clusters. To do this, create Ranger users in your Cloudera on cloud cluster that correspond to the Cloudera Base on premises NiFi nodes. Then create a new Ranger policy with site-to-site resources configured, and assign your Cloudera Base on premises NiFi node users to the policy.

  • You have defined your Cloudera on cloud data flow.
  • You have a list of your FQDN Cloudera Base on premises host names. You need the host names to create the Ranger policies in Cloudera on cloud.
  1. In your Cloudera on cloud environment, launch the Ranger UI, click Settings > Users/Groups/Roles > User Create to add the users corresponding to the nodes of the Cloudera Base on premises cluster.
  2. Click User Create to create one user per NiFi node running in your Cloudera Base on premises environment.
    You create this user to make Ranger aware of the Cloudera Base on premises nodes, so that you can create policies by including them. Because this user is not used to authenticate on the Ranger UI, the password can be random.
  3. Create a new policy in the NiFi Service in Ranger.

    You need to enter the following NiFi Resources:

    • /site-to-site

    • /data-transfer/input-ports/[***ID of the Input Port***]

    • /data-transfer/output-ports/[***ID of the Output Port***]

  4. Add the Cloudera Base on premises users you created in Step 2, and assign Read and Write permissions.

Your policies are now listed.
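The same procedure expressed as Ranger REST request bodies, as an added example that is not part of Cloudera's documentation or tooling. It assumes each Ranger user name is the node's FQDN, that the bodies are posted to Ranger's user and policy REST endpoints, and that the JSON field names match your Ranger version; the host names, service name `cm_nifi`, policy name and port IDs are constructed sample values.

```python
import json
import re
import secrets
import string
import uuid

# Lowercase FQDN: at least two dot-separated labels, so short host names are rejected.
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def random_password(length=24):
    """Throwaway password: the node users never sign in to the Ranger UI."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw):
            return pw

def node_users(fqdns):
    """One Ranger user body per on-premises NiFi node (steps 1 and 2)."""
    users = []
    for host in fqdns:
        host = host.strip().lower()
        if not FQDN_RE.match(host):
            raise ValueError(f"not a fully qualified host name: {host!r}")
        # Assumption: user name == node FQDN; field names follow Ranger's user object.
        users.append({"name": host, "firstName": host, "password": random_password(),
                      "userRoleList": ["ROLE_USER"], "status": 1})
    return users

def s2s_policy(service, policy_name, users, input_ports=(), output_ports=()):
    """Policy body with exact port IDs and Read/Write access (steps 3 and 4)."""
    resources = ["/site-to-site"]
    for kind, ids in (("input-ports", input_ports), ("output-ports", output_ports)):
        for port_id in ids:
            # uuid.UUID raises ValueError for "*" or any other non-UUID value.
            resources.append(f"/data-transfer/{kind}/{uuid.UUID(port_id)}")
    return {
        "service": service, "name": policy_name, "isEnabled": True,
        "resources": {"nifi-resource": {
            "values": resources, "isExcludes": False, "isRecursive": False}},
        "policyItems": [{"users": [u["name"] for u in users],
                         "accesses": [{"type": "READ", "isAllowed": True},
                                      {"type": "WRITE", "isAllowed": True}]}],
    }

if __name__ == "__main__":
    users = node_users(["nifi-node1.onprem.example.com", "nifi-node2.onprem.example.com"])
    policy = s2s_policy("cm_nifi", "s2s-onprem", users,
                        input_ports=["0a1b2c3d-0000-4000-8000-000000000001"])
    print(json.dumps(policy, indent=2))
```

Because every port ID must parse as a UUID, a wildcard cannot slip into the policy, so the on-premises nodes are granted only the ports named in the flow.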