Adding user to a pre-defined Ranger access policy

When a user attempts to view or modify a NiFi or NiFi Registry resource, the system checks whether this user has privileges to perform that action. These privileges are determined by the Ranger access policies that a user is associated with.

You can determine what the user can command, control, and observe in a NiFi dataflow or in NiFi Registry and accordingly add the user or a group of users to the appropriate pre-defined Ranger access policies.

Each pre-defined Ranger access policy confers specific rights to NiFi or NiFi Registry resources.

For more information, see:
  • Pre-defined Ranger access policies for NiFi resources
  • Pre-defined Ranger access policies for NiFi Registry resources
Ensure that you meet the following prerequisites:
  • You have installed NiFi and NiFi Registry.
  • You have determined the permission level for each user.
  1. From the Base cluster, select Ranger from the list of services. Click Ranger Admin Web UI and log into Ranger.

    The Ranger Service Manager page displays.

    Each cluster in the environment is listed under its respective service. For example, the NiFi clusters in the environment are listed under NiFi.

  2. Select a cluster from either the NiFi or NiFi Registry section.
    The List of Policies page appears.

  3. Click the ID for a policy.
    The Edit Policy page appears.
  4. In the Allow Conditions section, add the user or the user group to the Select User field.
  5. Click Save.
The user now has the NiFi and NiFi Registry rights according to the policies you added the user or user group to. These rights are inherited down the hierarchy unless there is a more specific policy on a component.