DataFlow security
As a security administrator, understand the out-of-the box security features as well as the tasks that you need to perform to authorize CDP users.
CDP provides the following security features:
- User authentication
- Role-based user authorization
- Data encryption
User authentication
Users are automatically authenticated through the CDP identity provider. For more information, see CDP Security Overview.
Role-based user authorization
DataFlow roles allow you to set user permissions. Assign one or more of the following roles
to a CDP user:
- To enable a user to view and search flow definitions and ReadyFlows, assign the DFCatalogViewer role.
- To enable a user to import and manage flow definitions in the DataFlow Catalog and add ReadyFlows to the DataFlow Catalog, assign the DFCatalogAdmin role.
- To enable a user to manage the lifecycle of a DataFlow environment, assign the DFAdmin role.
- To enable a user to manage flow deployments such as view a flow deployment in NiFi, suspend or terminate a flow deployment, or change the NiFi version, assign the DFFlowAdmin role.
- To enable a user to manage flow deployments and deploy flow definitions, assign the DFFlowAdmin role and either the DFCatalogViewer or DFCatalogAdmin role.
- To enable a user to view, search, and monitor deployed flows, assign the DFFlowUser role.
For more information on the DataFlow roles, see DataFlow Authorization.
Data encryption
CDP encrypts data at rest and in motion.
- Data at rest
- When you import a flow definition, the flow definition is encrypted and stored in the DataFlow Catalog. DataFlow Catalog is a service that enables you to manage flow definitions centrally.
- Data in transit
- When you deploy a flow, the encrypted flow definition is transferred to your cloud account where it is decrypted and deployed. During a flow deployment, data can be transferred between servers, systems, applications, and users. Every transfer is a secure and trusted exchange through TLS. Through cryptographic protocols, TLS encrypts and authenticates: