Adding users or groups to Ranger policies

Manage what users can access or control by adding users or user groups to Ranger policies.

Determine what the user can command, control, and observe in a NiFi dataflow or in NiFi Registry and accordingly add the user or a group of users to the appropriate predefined Ranger access policies.

Each predefined Ranger access policy confers specific rights to NiFi or NiFi Registry resources.

For more information, see:

  • Predefined Ranger access policies for Apache NiFi
  • Predefined Ranger access policies for Apache NiFi Registry
  • You have installed Ranger on your Base CDP Private Cloud Base cluster.
  • You have added and connected the NiFi and NiFi Registry services.
  1. From the Base cluster, select Ranger from the list of services. Click Ranger Admin Web UI and log into Ranger.

    The Ranger Service Manager page displays.



    Each cluster in the environment is listed under its respective service. For example, the NiFi clusters in the environment are listed under NiFi.

  2. Select a cluster from either the NiFi or NiFi Registry section.
    The List of Policies page appears.


  3. Click the ID for a policy.
    The Edit Policy page appears.
  4. In the Allow Conditions section, add the user or the user group to the Select User field.
  5. Click Save.

The user now has the NiFi and NiFi Registry rights according to the policies you added the user or user group to. These rights are inherited down the hierarchy unless there is a more specific policy on a component.

When you have completed the steps for adding users and groups to Ranger policies, review the steps to deselect unwanted NiFi Registry dependencies and determine whether this task applies to you.