Created on 03-22-201704:18 PM - edited 08-17-201901:43 PM
In Apache NiFi, Controller Services are shared services that can be used by Processors, Reporting Tasks, and other Controller Services. In order to modify a Controller Service, all referencing components must be stopped. This means that the user attempting to modify the Controller Service, must also have permissions to modify all referencing components. With the introduction of multi-tenant authorization, Controller Service scoping was updated to ensure service usage does not become so broad that it becomes impossible to update the Controller Service because no users are allowed to modified all components that reference it.
Within the dataflow, to scope a Controller Service and limit it's availability, a Controller Service can be created within any Process Group. Controller Services created within a Process Group will be available to all descendent components. This means that the service will be available to all Processors and Controller Services defined in that Process Group and below. In a typical multi-tenant environment users permissions will typically be bound to a Process Group. By scoping the Controller Service in the same manner, it's usage is limited accordingly.
Within the Controller (the infrastructure that executes the dataflow), Controller Service availability is limited to Reporting Tasks and other services defined here. This scoping works in hand with the scoping implemented within the dataflow context. Users with permissions to Reporting Tasks will also have access to services defined here.
Realizing these differences in Controller Service availability was often difficult to understand. However, upcoming UX changes to Controller Services helps alleviate some of these challenges. Below are screenshots for the different contexts and highlight the changes which help understand the service availability.