Cloudera Docs

Adding users or groups to Ranger policies

Define access control for NiFi and NiFi Registry by adding users or user groups to Ranger policies.

Ranger polcieis determine what each user or group can modify, control, or observe in NiFi dataflows and in NiFi Registry resources. Each predefined Ranger access policy grants specific privileges to NiFi or NiFi Registry components. Assign users and groups based on their operational responsibilities and the level of access they require.

For details on available policies, see:

  • Predefined Ranger access policies for Apache NiFi
  • Predefined Ranger access policies for Apache NiFi Registry
  • Ensure that Ranger is installed on your Base Cloudera Base on premises cluster.
  • rify that NiFi and NiFi Registry are installed and connected to Ranger.
  1. From the Base cluster, select Ranger from the list of services. Click Ranger Admin Web UI and log into Ranger.

    The Ranger Service Manager page displays.



    Each cluster in the environment is listed under its respective service. For example, the NiFi clusters in the environment are listed under NiFi.

  2. Select a cluster from either the NiFi or NiFi Registry section.

    The List of Policies page appears.



  3. Click the ID for a policy.

    The Edit Policy page appears.

  4. In the Allow Conditions section, add the user or the user group to the Select User field.
  5. Click Save.

The user now has the NiFi and NiFi Registry rights according to the policies you added the user or user group to. These rights are inherited down the hierarchy unless there is a more specific policy on a component.

When you have completed the steps for adding users and groups to Ranger policies, review the steps to deselect unwanted NiFi Registry dependencies to determine whether it applies to your environment.