Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to NiFi Registry Users.xml and Authorization.xml migrate to PostgresSQL

Labels:
avatar
author-rank Meeran
Explorer

Created on ‎07-13-2022 06:37 AM - edited ‎07-13-2022 08:34 AM

Hello,

 

I have successfully migrated the h2 database of registry to Postgres sql but it did not migrate the users.xml and authorizations.xml to postgres.

 

Could you please help in pointing me in right direction on what setting needs to be changed to get migrate the users and authorizations data aswell to Postgres SQL.

@MattWho 

Thanks

Meeran

1,643 Views
0 Kudos
2 REPLIES 2

avatar
author-rank MattWho author-rank
Super Mentor

Created ‎07-14-2022 06:59 AM

@Meeran 

The users.xml is created/managed by the File-User-Group-Provider in the Authorizers.xml file. 
The authorizations.xml is created/managed by the File-Access-Policy-provider in the Authoirizers.xml file.

Neither of these providers support using a database for persisting the users, groups, and authorizations.

For more information on the authorization providers, follow the below link:
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#authorization

NiFi-Registry supports using an embedded H2 DB (default) or an external DB (Postgres or MySQL) for storing knowledge of which buckets exist, which versioned items belong to which buckets, as well as the version history for each item.  The actual version controlled flows are not stored in the DB
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#metadata-database

The actual Version Controlled dataflow data is stored via the configured Persistence provider. The default provider is FileSystemFlowPersistenceProvider which writes this data to a directory locally on the NiFi-Registry host.  The other available option is the GitFlowPersistenceProvider which commits this data to a remote Git repository when configured correctly.  For more detail follow below link:
https://nifi.apache.org/docs/nifi-registry-docs/html/administration-guide.html#persistence-providers

 

If you found this response assisted with your query, please take a moment to login and click on "Accept as Solution" below this post.

Thank you,

Matt

1,609 Views
0 Kudos

avatar
author-rank Meeran
Explorer

Created on ‎07-15-2022 06:00 AM - edited ‎07-15-2022 06:02 AM

Thanks for the reply @MattWho 
Firstly with the below configurations changes in authorizers.xml, I was able to store the users and their related authorization policies in database and I was able to successfully store the users and their permissions in postgresSQL database from registry


<userGroupProvider>
<identifier>database-user-group-provider</identifier>
<class>org.apache.nifi.registry.security.authorization.database.DatabaseUserGroupProvider</class>
<property name="Initial User Identity 1">DEV-ADMIN</property>
</userGroupProvider>

------------------------------

<accessPolicyProvider>
<identifier>database-access-policy-provider</identifier>
<class>org.apache.nifi.registry.security.authorization.database.DatabaseAccessPolicyProvider</class>
<property name="User Group Provider">database-user-group-provider</property>
<property name="Initial Admin Identity">DEV-ADMIN</property>
<property name="NiFi Identity 1"></property>
<property name="NiFi Group Name"></property>
</accessPolicyProvider>

--------------------------------------

<authorizer>
<identifier>managed-authorizer</identifier>
<class>org.apache.nifi.registry.security.authorization.StandardManagedAuthorizer</class>
<property name="Access Policy Provider">database-access-policy-provider</property>
</authorizer>

 

Everything is working perfect. the only need here is to get the existing users.xml and authorizations.xml data migrated to Postgres DB and we can get rid of these files.
Please help

1,574 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements