Migrate NiFi Registry Ranger-based policies

Provides the steps for migrating NiFi Registry Ranger-based policies.

If the source cluster uses Ranger policies for NiFi Registry authorizations and you require the same Ranger policies on the destination cluster, migrate the existing Ranger policies using the Ranger Import/Export feature.

  • You have installed the Ranger service on your destination cluster.
  • You have selected Ranger as a NiFi Registry dependency.
  1. In your source Ranger UI, select Access Manager | Resource Based Policies. On the Service Manager page, select Export. Remove all services listed except NiFi Registry and select Export. A JSON file is exported.
  2. In your destination Ranger UI, select Access Manager | Resource Based Policies. On the Service Manager page, select the NiFi Registry Ranger service. Delete all of the existing policies on the service, being careful not to delete the NiFi Registry service.
  3. Return to the Service Manager page in your destination Ranger. Select Import. Select the source JSON file you exported in Step 1. Map the source NiFi Registry Ranger service to the destination NiFi Registry Ranger service. Select Import.
  4. For NiFi Registry service policies where source NiFi nodes are referenced (for example, Proxy and Bucket policies), add the group nifiregistry to those conditions, then delete the source nodes from those policies.
  5. Edit the users.xml from the source cluster by removing source node users. Replace the users.xml on the destination cluster NiFi Registry node with the modified users.xml. The default CFM 2.0.x location is /var/lib/nifiregistry.

When you have completed migrating NiFi Registry policies, you may proceed to migrating NiFi state and custom components.