As a security administrator with the PowerUser role, you must assign one or more
DataFlow roles to a user to allow the user to perform tasks in the DataFlow Catalog, the
DataFlow environment, and the NiFi cluster.
Review each of the following DataFlow roles to determine which roles a user requires:
DFCatalogViewer
This role allows a user to perform the following tasks:
View and search flow definitions in the DataFlow Catalog
View and search ReadyFlows in the ReadyFlow Gallery
DFCatalogAdmin
This role allows a user to centrally manage flow definitions and ReadyFlows.
A user with the DFCatalogAdmin role can perform the following tasks in the DataFlow
Catalog:
View and search flow definitions
Import flow definitions
Import new versions of existing flow definitions
View flow definition details
Delete flow definitions
A user with the DFCatalogAdmin role can perform the following tasks in the ReadyFlow
Gallery:
View and search ReadyFlows
Add ReadyFlows to the Catalog
DFAdmin
This role allows a user to manage the lifecycle of a DataFlow environment.
A user with the DFAdmin role can perform the following tasks:
Enable a CDP environment for DataFlow
View an environment
View environment details and DataFlow Settings
Disable an environment
Update resource roles
Grant remote access to an environment
Revoke remote access to an environment
Terminate all running deployments when disabling the DataFlow service for an
environment.
A user with the DFAdmin and PowerUser roles can perform the following additional tasks:
Assign the DFAdmin role to other users
Revoke the DFAdmin role from other users
DFFlowAdmin
This role allows a user to manage flow deployments in a DataFlow environment. In
addition, this role together with either the DFCatalogViewer or DFCatalogAdmin role allows
the user to deploy flows.
A user with the DFFlowAdmin role alone can perform the following tasks:
View a deployment on the dashboard
View deployment details and settings
View a deployment in NiFi
Stop a deployment in NiFi
Suspend a deployment in NiFi
Terminate a deployment in NiFi
Change NiFi version
A user with the DFFlowAdmin and PowerUser roles can perform the following additional
tasks:
Assign the DFFlowAdmin and DFFlowUser roles to other users
Revoke the DFFlowAdmin and DFFlowUser roles from other users
A user with the DFFlowAdmin role and either the DFCatalogViewer or DFCatalogAdmin role
can perform the following additional task:
Deploy flow definitions
DFFlowUser
This role allows a user to view, search, and monitor flow deployments in a DataFlow
environment.
A user with the DFFlowUser role can perform the following tasks:
View a deployment on the dashboard
View deployment details and settings
View a deployment in NiFi
DFDeveloper
This role allows a user to view, search, create, and manage drafts in Flow Designer on
environment level.
A user with the DFDeveloper role can perform the following tasks:
Create a new draft
View all drafts in an environment
View all draft details and settings in an environment
Update all drafts in an environment
Start and end Test Sessions for any draft in an environment
Delete any draft in an environment
A user with the DFDeveloper and the DFCatalogViewer or DFCatalogAdmin roles can perform
the following additional tasks:
Create drafts from flow definitions in the DataFlow Catalog
Create drafts from ReadyFlows in the ReadyFlow Gallery
Publish drafts as flow definitions to the Catalog (DFCatalogAdmin only)
DFProjectsAdmin
This role allows a user to centrally manage Projects.
A user with the DFProjectsAdmin role can perform the following tasks in a tenant:
View and create Projects.
Edit users and groups assigned to Projects.
Delete Projects.
DFProjectCreator
This role allows a user to create and manage Projects on environment level.
A user with the DFProjectCreator role can perform the following tasks:
Create a Project.
Edit a Project.
Manage users and groups assigned to a Project.
For information on configuring CDP user management, see User Management.
