Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to plan the Multi-Tenant Authorization on Cloudera Flow Management 1.0.1?

avatar
Expert Contributor

Hello!

Urgent problem
I'm working on Cloudera Flow Management 1.0.1 and to evaluate the feasibility to move HDF to CDF.
I'm meeting a problem that is how to config the Multi-Tenant Authorization with kerberos/LDAP in cloudera manager.
Could you please help me for the following questions ?
 For HDF, there is apache ranger  can config and implement the Multi-Tenant Authorization. It can be config in Ranger Admin GUI. How can I do the Multi-Tenant Authorization like HDF with CFM?

   Thanks,

Paul

1 ACCEPTED SOLUTION

avatar
Super Mentor

@Paul Yang 

 

Ranger is not offered in CFM, but will become part of the platform in the future.

The only authorization offering within NiFi and NiFi-Registry within CFM is the local file based authorizer. NiFi user and group authorization is controlled via the NiFi UI instead of through an external authorization provider like Ranger.  This same local file base authorization was also an option in HDF.

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-enabling-tls.html

You can configure NiFi to sync users and groups from LDAP also.  You can then through the NiFi UI assign authorization policies to these sync'd user and groups.

 

Thank you,

Matt

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-nifi-user-sync-ldap-properties.html

View solution in original post

2 REPLIES 2

avatar
Super Mentor

@Paul Yang 

 

Ranger is not offered in CFM, but will become part of the platform in the future.

The only authorization offering within NiFi and NiFi-Registry within CFM is the local file based authorizer. NiFi user and group authorization is controlled via the NiFi UI instead of through an external authorization provider like Ranger.  This same local file base authorization was also an option in HDF.

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-enabling-tls.html

You can configure NiFi to sync users and groups from LDAP also.  You can then through the NiFi UI assign authorization policies to these sync'd user and groups.

 

Thank you,

Matt

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-nifi-user-sync-ldap-properties.html

avatar
Expert Contributor

@Matt

Thank you, 

I'm doing what you point me to do.