As the administrator, you should be aware of the capabilities of NiFi restricted
components and explicitly enable them for trusted users.
Restricted components are the processors, controller services, or reporting tasks that have the
ability to run user-defined code or access/alter localhost filesystem data using the NiFi OS
credentials. An authorized NiFi user can use these components to go beyond the intended use of
the application, escalate privilege, or expose data about the internals of the NiFi process or
the host system. For this reason, you must grant the user or user group the specific
permission they require to the specific restricted component.
The restricted-components policy allows you to fine-tune the permission for each component
and also makes a distinction between processors that access the local filesystem where NiFi is
running and the processors that access a distributed file system like the Hadoop related
processors.
The following list describes the available Ranger restricted-components policies you can use to
control access to a restricted component:
/restricted-components/access-keytab
Allows users to access the keytab for the restricted component.
/restricted-components/execute-code
Allows users to run code for the restricted component.
/restricted-components/export-nifi-details
Allows users to export NiFi details accessed by the restricted component.
/restricted-components/read-filesystem
Allows users to use processors that require read access to the local filesystem.
/restricted-components/read-distributed-filesystem
Allows users to use processors that require read access to the distributed
filesystem.
/restricted-components/write-filesystem
Allows users to use processors that require write access to the local filesystem.
/restricted-components/write-distributed-filesystem
Allows users to use processors that require write access to the distributed
filesystem.
The following tables list the restricted components that you can set the
/restricted-components/<permission level> for.
note
Some components may be
found under multiple restricted-component sub policies. In order for a user to utilize that
component, you must be grant the user access to every sub policy required by that
component.
Table 1. Access-keytab
NiFi component
Component type
Access provisions
KeytabCredentialsService
Controller Service
Allows user to define a Keytab and principal that can then be
used by other components.
Table 2. Execute-code
NiFi component
Component type
Access provisions
ScriptedReportingTask
Reporting Task
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ScriptedLookupService
Controller Service
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ScriptedReader
Controller Service
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ScriptedRecordSetWriter
Controller Service
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ExecuteFlumeSink
Processor
Provides operator the ability to run arbitrary Flume
configurations assuming all permissions that NiFi has.
ExecuteFlumeSource
Processor
Provides operator the ability to run arbitrary Flume
configurations assuming all permissions that NiFi has.
ExecuteGroovyScript
Processor
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ExecuteProcess
Processor
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ExecuteScript
Processor
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
ExecuteStreamCommand
Processor
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
invokeScriptedProcessor
Processor
Provides operator the ability to run arbitrary code assuming
all permissions that NiFi has.
Table 3. Export-nifi-details
NiFi component
Component type
Access provisions
SiteToSiteBulletinReportingTask
Reporting Task
Provides operator the ability to send sensitive details contained
in bulletin events to any external system.
SiteToSiteProvenanceReportingTask
Reporting Task
Provides operator the ability to send sensitive details contained
in Provenance events to any external system.
Table 4. Read-filesystem
NiFi component
Component type
Access provisions
FetchFile
Processor
Provides operator the ability to read from any file that NiFi has
access to.
GetFile
Processor
Provides operator the ability to read from any file that NiFi has
access to.
TailFile
Processor
Provides operator the ability to read from any file that NiFi has
access to.
Table 5. Read-distributed-filesystem
NiFi component
Component type
Access provisions
FetchHDFS
Processor
Provides operator the ability to retrieve any file that
NiFi has access to in HDFS or the local filesystem.
FetchParquet
Processor
Provides operator the ability to retrieve any file that
NiFi has access to in HDFS or the local filesystem.
GetHDFS
Processor
Provides operator the ability to retrieve any file that
NiFi has access to in HDFS or the local filesystem.
GetHDFSSequenceFile
Processor
Provides operator the ability to retrieve any file that
NiFi has access to in HDFS or the local filesystem.
MoveHDFS
Processor
Provides operator the ability to retrieve any file that
NiFi has access to in HDFS or the local filesystem.
Table 6. Write-filesystem
NiFi component
Component type
Access provisions
FetchFile
Processor
Provides operator the ability to delete any file that NiFi has
access to.
GetFile
Processor
Provides operator the ability to delete any file that NiFi has
access to.
PutFile
Processor
Provides operator the ability to write to any file that NiFi has
access to.
Table 7. Write-distributed-filesystem
NiFi component
Component type
Access provisions
DeleteHDFS
Processor
Provides operator the ability to delete any file that NiFi
has access to in HDFS or the local filesystem.
GetHDFS
Processor
Provides operator the ability to delete any file that NiFi
has access to in HDFS or the local filesystem.
GetHDFSSequenceFile
Processor
Provides operator the ability to delete any file that NiFi
has access to in HDFS or the local filesystem.
MoveHDFS
Processor
Provides operator the ability to delete any file that NiFi
has access to in HDFS or the local filesystem.
PutHDFS
Processor
Provides operator the ability to delete any file that NiFi
has access to in HDFS or the local filesystem.
PutParquet
Processor
Provides operator the ability to write any file that NiFi
has access to in HDFS or the local filesystem.
note
In CFM 2.1.0, if you use the PutORC processor, be aware that this processor requires access
to restricted components regardless of restriction.
