Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to plan the Multi-Tenant Authorization on Cloudera Flow Management 1.0.1?

Solved Go to solution

How to plan the Multi-Tenant Authorization on Cloudera Flow Management 1.0.1?

Explorer

Hello!

Urgent problem
I'm working on Cloudera Flow Management 1.0.1 and to evaluate the feasibility to move HDF to CDF.
I'm meeting a problem that is how to config the Multi-Tenant Authorization with kerberos/LDAP in cloudera manager.
Could you please help me for the following questions ?
 For HDF, there is apache ranger  can config and implement the Multi-Tenant Authorization. It can be config in Ranger Admin GUI. How can I do the Multi-Tenant Authorization like HDF with CFM?

   Thanks,

Paul

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to plan the Multi-Tenant Authorization on Cloudera Flow Management 1.0.1?

Master Guru

@Paul Yang 

 

Ranger is not offered in CFM, but will become part of the platform in the future.

The only authorization offering within NiFi and NiFi-Registry within CFM is the local file based authorizer. NiFi user and group authorization is controlled via the NiFi UI instead of through an external authorization provider like Ranger.  This same local file base authorization was also an option in HDF.

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-enabling-tls.html

You can configure NiFi to sync users and groups from LDAP also.  You can then through the NiFi UI assign authorization policies to these sync'd user and groups.

 

Thank you,

Matt

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-nifi-user-sync-ldap-properties.html

2 REPLIES 2

Re: How to plan the Multi-Tenant Authorization on Cloudera Flow Management 1.0.1?

Master Guru

@Paul Yang 

 

Ranger is not offered in CFM, but will become part of the platform in the future.

The only authorization offering within NiFi and NiFi-Registry within CFM is the local file based authorizer. NiFi user and group authorization is controlled via the NiFi UI instead of through an external authorization provider like Ranger.  This same local file base authorization was also an option in HDF.

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-enabling-tls.html

You can configure NiFi to sync users and groups from LDAP also.  You can then through the NiFi UI assign authorization policies to these sync'd user and groups.

 

Thank you,

Matt

https://docs.cloudera.com/cfm/1.0.1/securing-cfm/topics/cfm-nifi-user-sync-ldap-properties.html

Re: How to plan the Multi-Tenant Authorization on Cloudera Flow Management 1.0.1?

Explorer

@Matt

Thank you, 

I'm doing what you point me to do.

 

Don't have an account?
Coming from Hortonworks? Activate your account here