Example

In the following scenario a user requires access to specific NiFi and NiFi resources. You must add the user to the appropriate access policies.

UserA must be able to do the following tasks:

  • Access the NiFi UI.
  • Export a flow.
  • View data queued in connections.
  • View data flowing through.
  • Use a NiFi SSLContextService to connect to SSL-enabled systems.
  • Set up version control for a flow.

Complete the following steps to enable UserA to perform the required tasks:

  1. Add UserA to the pre-defined Ranger access policy for NiFi, Flow. Set the permissions to Read.

    The Flow policy gives the user the right to view the NiFi UI.

  2. Create a Ranger access policy for NiFi with:
    • Resource descriptor: /data/process-groups/<ID of process-group>
    • Permission: Read and Write

    Add UserA to this custom policy. The policy gives the user the right to export the data, view the data that is queued and flowing through the connections.

  3. Create a Ranger access policy for NiFi with:
    • Resource descriptor: /controller-service/<ID of SSL Context Service>
    • Permission: Read

    Add UserA to this custom policy. The policy gives the user the right to use the specified SSLContextService in their flows to connect to SSL-enabled systems.

  4. Create a Ranger access policy for NiFi Registry with:
    • Resource descriptor: /buckets/<ID of bucket>
    • Permission: Read, Write, and Delete

    Add UserA to this custom policy. The policy gives the user the right to set up version control for a flow.