Authorization example

You can review an example to understand how you can enable a flow-management user to perform specific tasks like setting up version control for a flow, by assigning the appropriate Ranger policies.

UserA must be able to do the following tasks:

  • Access the NiFi UI.
  • Export a flow.
  • View data queued in connections.
  • View data flowing through.
  • Use a NiFi SSLContextService to connect to SSL-enabled systems.
  • Set up version control for a flow.

Complete the following steps to enable UserA to perform the required tasks:

  1. Add UserA to the predefined Ranger access policy for NiFi, Flow. Set the permissions to Read.

    The Flow policy gives the user the right to view the NiFi UI.

  2. Create a Ranger access policy for NiFi with:
    • Resource descriptor: /data/process-groups/<ID of process-group>
    • Permission: Read and Write

    Add UserA to this custom policy. The policy gives the user the right to export the data, view the data that is queued and flowing through the connections.

  3. Create a Ranger access policy for NiFi with:
    • Resource descriptor: /controller-service/<ID of SSL Context Service>
    • Permission: Read

    Add UserA to this custom policy. The policy gives the user the right to use the specified SSLContextService in their flows to connect to SSL-enabled systems.

  4. Create a Ranger access policy for NiFi Registry with:
    • Resource descriptor: /buckets/<ID of bucket>
    • Permission: Read, Write, and Delete

    Add UserA to this custom policy. The policy gives the user the right to set up version control for a flow.