Cloudera Docs

Configuring a user identity with access policies

The User CRD represents a NiFi user and allows you to define a user identity and access policies. 

apiVersion: cfm.cloudera.com/v1alpha1
kind: User
metadata:
  name: nifi-user
spec:
  instanceTarget:
    kind: Nifi 
    name: [***NIFI CLUSTER NAME***]
    namespace: [***TARGET NAMESPACE***]
  identity: [****NAME OF THE USER IDENTITY**]
  accessPolicies:
  - resources:
     [***
      - ACCESSIBLE
      - RESOURCES***]
    actions:
      [***
      - PERMITTED
      - ACTIONS***]

For example, to create a user on the NiFi cluster defined by the resource mynifi in the default namespace named User05 with read and write access on flow, controller, and root process group components, you would use:

apiVersion: cfm.cloudera.com/v1alpha1
kind: User
metadata:
  name: nifi-user
spec:
  instanceTarget:
    kind: Nifi 
    name: mynifi
    namespace: default
  identity: User05
  accessPolicies:
  - resources:
      - /flow
      - /controller
      - /process-groups/root
    actions:
      - read
      - write