File-based authorization
When Ranger is not selected as a dependency during installation, NiFi or NiFi Registry’s internal file-based authorizer will be used for authorization.
When Ranger is not selected, the NiFi and NiFi Registry CSD scripts will perform the
following steps:
- By default, during start-up, NiFi and NiFi Registry will create the following files in
/var/lib/nifi and /var/lib/nifiregistry:
- users.xml
- authorizations.xml
These files will include the users and policies for the Initial Admin Identity, Initial Admin Groups, and proxy group.
- Create policies for the following Initial Admin Identity and Initial Admin Groups:
- For NiFi: nifi.initial.admin.identity and nifi.initial.admin.groups
- For NiFi Registry: nifi.registry.initial.admin.identity and nifi.registry.initial.admin.groups
- Create policies for proxies specified by nifi.proxy.group or nifi.registry.proxy.group.
Each authorizers.xml file produced in NiFi and NiFi Registry when using file-based authorization contains the following logical configuration:
- CompositeConfigurableUserGroupProvider
- FileUserGroupProvider
- CMUserGroupProvider
- FileAccessPolicyProvider
- Configured with the CompositeConfigurableUserGroupProvider
- StandardManagedAuthorizer
- Configured with FileAccessPolicyProvider