NiFi Restricted Components

As the administrator, you should be aware of the capabilities of NiFi restricted components and explicitly enable them for trusted users.

Restricted components are the processors, controller services, or reporting tasks that have the ability to run user-defined code or access/alter localhost filesystem data using the NiFi OS credentials. An authorized NiFi user can use these components to go beyond the intended use of the application, escalate privilege, or expose data about the internals of the NiFi process or the host system. For this reason, you must grant the user or user group the specific permission they require to the specific restricted component.

The restricted-components policy lets you fine-tune the permission for each component. It also distinguishes between processors that access the local filesystem where NiFi is running and processors that access a distributed filesystem, such as the Hadoop-related processors.

The following list describes the available Ranger restricted-components policies you can use to control access to a restricted component:

/restricted-components/access-keytab
Allows users to access the keytab for the restricted component.
/restricted-components/code-execution
Allows users to run code for the restricted component.
/restricted-components/export-nifi-details
Allows users to export NiFi details accessed by the restricted component.
/restricted-components/read-filesystem
Allows users to use processors that require read access to the local filesystem.
/restricted-components/read-distributed-filesystem
Allows users to use processors that require read access to the distributed filesystem.
/restricted-components/write-filesystem
Allows users to use processors that require write access to the local filesystem.
/restricted-components/write-distributed-filesystem
Allows users to use processors that require write access to the distributed filesystem.
The following tables list the restricted components to which each /restricted-components/<permission level> policy applies.

Table 1. Access-keytab
NiFi component | Component type | Access provisions
KeytabCredentialsService | Controller Service | Allows user to define a Keytab and principal that can then be used by other components.

Table 2. Code-execution
NiFi component | Component type | Access provisions
ScriptedReportingTask | Reporting Task | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ScriptedLookupService | Controller Service | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ScriptedReader | Controller Service | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ScriptedRecordSetWriter | Controller Service | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ExecuteFlumeSink | Processor | Provides operator the ability to run arbitrary Flume configurations assuming all permissions that NiFi has.
ExecuteFlumeSource | Processor | Provides operator the ability to run arbitrary Flume configurations assuming all permissions that NiFi has.
ExecuteGroovyScript | Processor | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ExecuteProcess | Processor | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ExecuteScript | Processor | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
ExecuteStreamCommand | Processor | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.
InvokeScriptedProcessor | Processor | Provides operator the ability to run arbitrary code assuming all permissions that NiFi has.

Table 3. Export-nifi-details
NiFi component | Component type | Access provisions
SiteToSiteBulletinReportingTask | Reporting Task | Provides operator the ability to send sensitive details contained in bulletin events to any external system.
SiteToSiteProvenanceReportingTask | Reporting Task | Provides operator the ability to send sensitive details contained in Provenance events to any external system.

Table 4. Read-filesystem
NiFi component | Component type | Access provisions
FetchFile | Processor | Provides operator the ability to read from any file that NiFi has access to.
GetFile | Processor | Provides operator the ability to read from any file that NiFi has access to.
TailFile | Processor | Provides operator the ability to read from any file that NiFi has access to.

Table 5. Read-distributed-filesystem
NiFi component | Component type | Access provisions
FetchHDFS | Processor | Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.
FetchParquet | Processor | Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.
GetHDFS | Processor | Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.
GetHDFSSequenceFile | Processor | Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.
MoveHDFS | Processor | Provides operator the ability to retrieve any file that NiFi has access to in HDFS or the local filesystem.

Table 6. Write-filesystem
NiFi component | Component type | Access provisions
FetchFile | Processor | Provides operator the ability to delete any file that NiFi has access to.
GetFile | Processor | Provides operator the ability to delete any file that NiFi has access to.
PutFile | Processor | Provides operator the ability to write to any file that NiFi has access to.

Table 7. Write-distributed-filesystem
NiFi component | Component type | Access provisions
DeleteHDFS | Processor | Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.
GetHDFS | Processor | Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.
GetHDFSSequenceFile | Processor | Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.
MoveHDFS | Processor | Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.
PutHDFS | Processor | Provides operator the ability to delete any file that NiFi has access to in HDFS or the local filesystem.
PutParquet | Processor | Provides operator the ability to write any file that NiFi has access to in HDFS or the local filesystem.
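Because several components appear in more than one table (GetFile and FetchFile need both read-filesystem and write-filesystem; GetHDFS, GetHDFSSequenceFile and MoveHDFS need both distributed-filesystem policies), a least-privilege audit of a flow has to union the requirements per component. The following script is an added example, not part of this page or of NiFi or Ranger; the component-to-policy mapping is transcribed from the tables above, and the sample flow and user grants are constructed.

```python
# Added example: least-privilege audit of NiFi restricted-component grants.
# RESTRICTED is transcribed from Tables 1-7 above; the flow and grants used in
# the demo below are constructed sample data, not a real Ranger export.
RESTRICTED = {
    "/restricted-components/access-keytab": {"KeytabCredentialsService"},
    "/restricted-components/code-execution": {
        "ScriptedReportingTask", "ScriptedLookupService", "ScriptedReader",
        "ScriptedRecordSetWriter", "ExecuteFlumeSink", "ExecuteFlumeSource",
        "ExecuteGroovyScript", "ExecuteProcess", "ExecuteScript",
        "ExecuteStreamCommand", "InvokeScriptedProcessor"},
    "/restricted-components/export-nifi-details": {
        "SiteToSiteBulletinReportingTask", "SiteToSiteProvenanceReportingTask"},
    "/restricted-components/read-filesystem": {"FetchFile", "GetFile", "TailFile"},
    "/restricted-components/read-distributed-filesystem": {
        "FetchHDFS", "FetchParquet", "GetHDFS", "GetHDFSSequenceFile", "MoveHDFS"},
    "/restricted-components/write-filesystem": {"FetchFile", "GetFile", "PutFile"},
    "/restricted-components/write-distributed-filesystem": {
        "DeleteHDFS", "GetHDFS", "GetHDFSSequenceFile", "MoveHDFS",
        "PutHDFS", "PutParquet"},
}


def required_policies(component):
    """Every restricted-component policy the component needs; a component
    listed in two tables (e.g. GetFile) returns both. Unrestricted -> empty."""
    return {policy for policy, comps in RESTRICTED.items() if component in comps}


def audit(flow_components, granted):
    """Compare the components in a flow with a user's granted policy paths.
    Returns (needed, missing, unused):
      needed  - the minimal set of restricted policies this flow requires
      missing - component -> policies the user lacks for it
      unused  - granted restricted policies that no component in the flow needs
    """
    needed, missing = set(), {}
    for comp in flow_components:
        req = required_policies(comp)
        needed |= req
        lacking = req - set(granted)
        if lacking:
            missing[comp] = lacking
    unused = (set(granted) & set(RESTRICTED)) - needed
    return needed, missing, unused


if __name__ == "__main__":
    flow = ["GetFile", "ExecuteScript", "PutHDFS", "UpdateAttribute"]  # constructed
    grants = ["/restricted-components/read-filesystem",              # constructed
              "/restricted-components/write-distributed-filesystem",
              "/restricted-components/access-keytab"]
    needed, missing, unused = audit(flow, grants)
    print("needed:", sorted(needed))
    print("missing:", missing)   # GetFile also needs write-filesystem
    print("unused (over-grant):", unused)
```

The `unused` set is the over-grant to revoke; `missing` entries under code-execution deserve the most scrutiny, since those components run with all permissions NiFi has.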