Authorization example

Review this example to understand how assigning the appropriate Ranger policies enables a flow-management user to perform specific tasks, such as setting up version control for a flow.

User A must be able to do the following tasks:

  • Access the NiFi UI.
  • Export a flow.
  • View data queued in connections.
  • View data flowing through.
  • Use a NiFi SSLContextService to connect to SSL-enabled systems.
  • Set up version control for a flow.

Complete the following steps to enable User A to perform the required tasks:

  1. Add User A to the predefined Ranger access policy for NiFi, Flow. Set the permissions to Read.

    The Flow policy gives the user the right to view the NiFi UI.

  2. Create a Ranger access policy for NiFi with:
    • Resource descriptor: /data/process-groups/<ID of process-group>
    • Permission: Read and Write

    Add User A to this custom policy. The policy gives the user the right to export the data and to view the data that is queued in and flowing through the connections.

  3. Create a Ranger access policy for NiFi with:
    • Resource descriptor: /controller-service/<ID of SSL Context Service>
    • Permission: Read

    Add User A to this custom policy. The policy gives the user the right to use the specified SSLContextService in their flows to connect to SSL-enabled systems.

  4. Create a Ranger access policy for NiFi Registry with:
    • Resource descriptor: /buckets/<ID of bucket>
    • Permission: Read, Write, and Delete

    Add User A to this custom policy. The policy gives the user the right to set up version control for a flow.
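
The three custom policies from steps 2 to 4 can also be kept as policy-as-code. The following is an added example, not part of the original documentation: it builds the policy bodies in the JSON shape used by Ranger's policy REST API and refuses unresolved `<ID ...>` placeholders, wildcards, and permissions beyond those listed above. The service names `cm_nifi` and `cm_nifi_registry`, the user name, the policy names, and the sample IDs are assumptions. The resource keys `nifi-resource` and `nifi-registry-resource` are also assumed and should be confirmed against your Ranger service definitions.

```python
import json

# Assumptions: Ranger service instance names differ per cluster.
NIFI_SERVICE = "cm_nifi"
REGISTRY_SERVICE = "cm_nifi_registry"
# Assumed resource keys and access types; confirm them against the
# NiFi and NiFi Registry service definitions in your Ranger instance.
RESOURCE_KEY = {NIFI_SERVICE: "nifi-resource", REGISTRY_SERVICE: "nifi-registry-resource"}
ALLOWED = {NIFI_SERVICE: {"READ", "WRITE"}, REGISTRY_SERVICE: {"READ", "WRITE", "DELETE"}}

def build_policy(service, name, resource, user, perms):
    """Return a Ranger policy body granting perms on exactly one resource."""
    if "<" in resource or "*" in resource:
        raise ValueError(f"{name}: resource must be a concrete ID, got {resource!r}")
    extra = set(perms) - ALLOWED[service]
    if extra:
        raise ValueError(f"{name}: {sorted(extra)} not valid for {service}")
    return {
        "service": service,
        "name": name,
        "isEnabled": True,
        "resources": {RESOURCE_KEY[service]: {
            "values": [resource], "isExcludes": False, "isRecursive": False}},
        "policyItems": [{"users": [user],
                         "accesses": [{"type": p, "isAllowed": True} for p in perms]}],
    }

def user_a_policies(user, pg_id, ssl_cs_id, bucket_id):
    """Custom policies of steps 2-4; step 1 edits the predefined Flow policy."""
    nifi, reg = NIFI_SERVICE, REGISTRY_SERVICE
    return [
        build_policy(nifi, f"{user}-pg-data", f"/data/process-groups/{pg_id}", user, ["READ", "WRITE"]),
        build_policy(nifi, f"{user}-ssl-context", f"/controller-service/{ssl_cs_id}", user, ["READ"]),
        build_policy(reg, f"{user}-bucket", f"/buckets/{bucket_id}", user, ["READ", "WRITE", "DELETE"]),
    ]

if __name__ == "__main__":
    # Constructed sample IDs, not real component IDs.
    for policy in user_a_policies("user_a", "pg-0001", "cs-0002", "bucket-0003"):
        print(json.dumps(policy, indent=2))
```

Each printed body describes one policy scoped to a single component ID, which keeps User A's grants reviewable and limited to the resources named in the steps.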