Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to NiFi Registry Users.xml and Authorization.xml migrate to PostgresSQL

avatar
Explorer

Hello,

 

I have successfully migrated the h2 database of registry to Postgres sql but it did not migrate the users.xml and authorizations.xml to postgres.

 

Could you please help in pointing me in right direction on what setting needs to be changed to get migrate the users and authorizations data aswell to Postgres SQL.

@MattWho 

Thanks

Meeran

2 REPLIES 2

avatar
Master Mentor

@Meeran 

The users.xml is created/managed by the File-User-Group-Provider in the Authorizers.xml file. 
The authorizations.xml is created/managed by the File-Access-Policy-provider in the Authoirizers.xml file.

Neither of these providers support using a database for persisting the users, groups, and authorizations.

For more information on the authorization providers, follow the below link:
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#authorization

NiFi-Registry supports using an embedded H2 DB (default) or an external DB (Postgres or MySQL) for storing knowledge of which buckets exist, which versioned items belong to which buckets, as well as the version history for each item.  The actual version controlled flows are not stored in the DB
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#metadata-database

The actual Version Controlled dataflow data is stored via the configured Persistence provider. The default provider is 
FileSystemFlowPersistenceProvider which writes this data to a directory locally on the NiFi-Registry host.  The other available option is the GitFlowPersistenceProvider which commits this data to a remote Git repository when configured correctly.  For more detail follow below link:
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#persistence-providers

 

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt

avatar
Explorer

Thanks for the reply @MattWho 
Firstly with the below configurations changes in authorizers.xml, I was able to store the users and their related authorization policies in database and I was able to successfully store the users and their permissions in postgresSQL database from registry


<userGroupProvider>
<identifier>database-user-group-provider</identifier>
<class>org.apache.nifi.registry.security.authorization.database.DatabaseUserGroupProvider</class>
<property name="Initial User Identity 1">DEV-ADMIN</property>
</userGroupProvider>

------------------------------

<accessPolicyProvider>
<identifier>database-access-policy-provider</identifier>
<class>org.apache.nifi.registry.security.authorization.database.DatabaseAccessPolicyProvider</class>
<property name="User Group Provider">database-user-group-provider</property>
<property name="Initial Admin Identity">DEV-ADMIN</property>
<property name="NiFi Identity 1"></property>
<property name="NiFi Group Name"></property>
</accessPolicyProvider>

--------------------------------------

<authorizer>
<identifier>managed-authorizer</identifier>
<class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class>
<property name="Access Policy Provider">database-access-policy-provider</property>
</authorizer>

 

Everything is working perfect. the only need here is to get the existing users.xml and authorizations.xml data migrated to Postgres DB and we can get rid of these files.
Please help