Created 12-19-2017 03:17 PM
I set up HTTPS locally for NiFi version 1.4 and am able to successfully log in to the UI through a client certificate. But I cannot seem to add policies to new users I create in reference to the steps described in the answer here.
My authorizations.xml looks like authorizations.xml and my users.xml like users.xml.
Really need help with where I am doing it wrong.
Appreciate it!
Created 12-22-2017 03:46 PM
To have something configurable from NiFi UI (allowing you to manage users/groups from the Users view), I believe you'd need to go through the definition of a Composite Configurable User Group provider. Your authorizers.xml file should look like:
<authorizers>
    <userGroupProvider>
        <identifier>file-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.FileUserGroupProvider</class>
        <property name="Users File">./conf/users.xml</property>
        <property name="Legacy Authorized Users File"></property>
        <property name="Initial User Identity 1">admin</property>
    </userGroupProvider>
    <userGroupProvider>
        <identifier>composite-configurable-user-group-provider</identifier>
        <class>org.apache.nifi.authorization.CompositeConfigurableUserGroupProvider</class>
        <property name="Configurable User Group Provider">file-user-group-provider</property>
    </userGroupProvider>
    <accessPolicyProvider>
        <identifier>file-access-policy-provider</identifier>
        <class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
        <property name="User Group Provider">composite-configurable-user-group-provider</property>
        <property name="Authorizations File">./conf/authorizations.xml</property>
        <property name="Initial Admin Identity">admin</property>
        <property name="Legacy Authorized Users File"></property>
    </accessPolicyProvider>
    <authorizer>
        <identifier>managed-authorizer</identifier>
        <class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
        <property name="Access Policy Provider">file-access-policy-provider</property>
    </authorizer>
</authorizers>
Let me know if this helps,
Pierre.
Created 12-22-2017 03:54 PM
Or... since you're not using an LDAP, you could directly use the File Authorizer instead of the managed one:
<authorizer>
    <identifier>file-provider</identifier>
    <class>org.apache.nifi.authorization.FileAuthorizer</class>
    <property name="Authorizations File">./conf/authorizations.xml</property>
    <property name="Users File">./conf/users.xml</property>
    <property name="Initial Admin Identity"></property>
    <property name="Legacy Authorized Users File"></property>
    <property name="Node Identity 1"></property>
</authorizer>
And then just reference this identifier in the nifi.properties file:
nifi.security.user.authorizer=file-provider
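
Both answers above depend on identifiers lining up: each provider property has to name a declared provider, and nifi.security.user.authorizer has to name a declared authorizer. The following check is an added example, not code from the thread's posters or from the NiFi project; the function name check_authorizers and the sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Properties whose value must be the <identifier> of another provider
# (names as they appear in the authorizers.xml shown in this thread).
REFERENCES = {
    "Configurable User Group Provider": "userGroupProvider",
    "User Group Provider": "userGroupProvider",
    "Access Policy Provider": "accessPolicyProvider",
}

def check_authorizers(authorizers_xml, nifi_properties):
    """Return a list of problems; empty means every reference resolves."""
    root = ET.fromstring(authorizers_xml)
    declared = {}  # element tag -> identifiers declared under that tag
    for elem in root:
        ident = elem.findtext("identifier", "").strip()
        declared.setdefault(elem.tag, set()).add(ident)
    problems = []
    for elem in root:
        owner = elem.findtext("identifier", "").strip()
        for prop in elem.findall("property"):
            name, target = prop.get("name"), (prop.text or "").strip()
            tag = REFERENCES.get(name)
            if tag and target not in declared.get(tag, set()):
                problems.append(f"{owner}: '{name}' -> unknown {tag} '{target}'")
    # nifi.security.user.authorizer must name a declared <authorizer>.
    selected = None
    for line in nifi_properties.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "nifi.security.user.authorizer":
            selected = value.strip()
    if selected not in declared.get("authorizer", set()):
        problems.append(f"nifi.properties selects unknown authorizer '{selected}'")
    return problems

# Constructed sample: the FileAuthorizer block from the thread, with
# nifi.properties still pointing at the other answer's identifier.
SAMPLE_XML = """<authorizers>
  <authorizer>
    <identifier>file-provider</identifier>
    <class>org.apache.nifi.authorization.FileAuthorizer</class>
    <property name="Users File">./conf/users.xml</property>
  </authorizer>
</authorizers>"""
SAMPLE_PROPS = "nifi.security.user.authorizer=managed-authorizer"

if __name__ == "__main__":
    for problem in check_authorizers(SAMPLE_XML, SAMPLE_PROPS):
        print(problem)
```

An empty result only means the references resolve; it does not validate the contents of users.xml or authorizations.xml.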