Migrate NiFi Ranger-based policies

Provides the steps for migrating NiFi Ranger-based policies

  • You have installed the Ranger service on your destination cluster.
  • You have selected Ranger as a NiFi dependency.

If the source cluster uses Ranger policies for NiFi authorizations and you require the same Ranger policies on the destination cluster, migrate the existing Ranger policies using the Ranger Import/Export feature.

  1. In your source Ranger UI, select Access Manager | Resource Based Policies. On the Service Manager page, select Export. Remove all services listed except NiFi and select Export. A JSON file is exported.
  2. In your destination Ranger UI, select Access Manager | Resource Based Policies. On the Service Manager page, select the NiFi service. Delete all of the existing policies on the service, being careful not to delete the NiFi service.
  3. Return to the Service Manager page in your destination Ranger. Select Import. Select the source JSON file you exported in Step 1. Map the source NiFi Ranger service to the destination NiFi Ranger service. Select Import.
  4. For NiFi service policies where source NiFi nodes are referenced (for example, Proxy policy), add the group nifi to those conditions, then delete the source nodes from those policies.
  5. Edit the users.xml from the source cluster by removing source node users. Replace the users.xml on each destination cluster NiFi node with the modified users.xml. The default CFM 2.0.x location is /var/lib/nifi.

When you have finished migrating NiFi Ranger-based policies, proceed with the steps for migrating NiFi Registry Ranger-based policies.