DataFlow authorization

As a security administrator with the PowerUser role, you must assign one or more DataFlow roles to a user to allow the user to perform tasks in the DataFlow Catalog, the DataFlow environment, and the NiFi cluster.

Review each of the following DataFlow roles to determine which roles a user requires:

DFCatalogViewer
This role allows a user to perform the following tasks:
  • View and search flow definitions in the DataFlow Catalog
  • View and search ReadyFlows in the ReadyFlow Gallery
DFCatalogAdmin
This role allows a user to centrally manage flow definitions and ReadyFlows.
A user with the DFCatalogAdmin role can perform the following tasks in the DataFlow Catalog:
  • View and search flow definitions
  • Import flow definitions
  • Import new versions of existing flow definitions
  • View flow definition details
  • Delete flow definitions
A user with the DFCatalogAdmin role can perform the following tasks in the ReadyFlow Gallery:
  • View and search ReadyFlows
  • Add ReadyFlows to the Catalog
DFAdmin
This role allows a user to manage the lifecycle of a DataFlow environment.
A user with the DFAdmin role can perform the following tasks:
  • Enable a CDP environment for DataFlow
  • View an environment
  • View environment details and DataFlow Settings
  • Disable an environment
  • Update resource roles
  • Grant remote access to an environment
  • Revoke remote access to an environment
  • Terminate all running deployments when disabling the DataFlow service for an environment.
A user with the DFAdmin and PowerUser roles can perform the following additional tasks:
  • Assign the DFAdmin role to other users
  • Revoke the DFAdmin role from other users
DFFlowAdmin
This role allows a user to manage flow deployments in a DataFlow environment. In addition, this role together with either the DFCatalogViewer or DFCatalogAdmin role allows the user to deploy flows.
A user with the DFFlowAdmin role alone can perform the following tasks:
  • View a deployment on the dashboard
  • View deployment details and settings
  • View a deployment in NiFi
  • Suspend a deployment in NiFi
  • Terminate a deployment in NiFi
  • Change NiFi version
A user with the DFFlowAdmin and PowerUser roles can perform the following additional tasks:
  • Assign the DFFlowAdmin and DFFlowUser roles to other users
  • Revoke the DFFlowAdmin and DFFlowUser roles from other users
A user with the DFFlowAdmin role and either the DFCatalogViewer or DFCatalogAdmin role can perform the following additional task:
  • Deploy flow definitions
DFFlowUser
This role allows a user to view, search, and monitor flow deployments in a DataFlow environment.
A user with the DFFlowUser role can perform the following tasks:
  • View a deployment on the dashboard
  • View deployment details and settings
  • View a deployment in NiFi

For information on CDP user management, see User Management.