Created 11-01-2016 07:55 AM
I have installed and did basic configuration for a four node cluster .As of now there is no secuirty implemented over it. When i am adding a data flow , other members of the team are seeing the same canvas and are able to edit it.
Can't two persons works on the same canvas on diff templates with ananoymous users??
Is it mandatory to install LDAP(or any other mechanism for user authentication) to have multiple users working on thier own dataflows?
Also i there any standard calculation to memory allocations for the repositories ??
Created 11-01-2016 01:17 PM
With Nifi running as http (non-secure) there is no way to differentiate between users who access the UI. To NiFi everyone is the same anonymous user.
Two or more people can still work on their own dataflows within a non-secured NiFi, but there is no way to prevent each user from modifying another users dataflow.
Once NiFi is running as https (secured), some mechanism must be but in place to authenticate the users who will be accessing the canvas. Currently supported user authentication methods include TLS user certificates (default), LDAP, or kerberos. Through user authentication NiFi can now distinguish between users.
After authentication comes authorization. Authorization is handled by NiFi (default) or Apache Ranger. This authorization layer is used to grant specific access policies to specific authenticated users. Things like controlled access to specific components (processors, process groups, controller services, etc.) are handled through this authorization. While every user still access the same canvas, this allows you to control what components can be seen and modified down to a specific user if desired.
Thanks,
Matt
Created 11-01-2016 01:08 PM
If you want to restrict which users can see parts of the flow then you need security enabled. If you don't care who can see what, then it is fine to have many people working on the same canvas. Teams usually create process groups to contain their part of the flow.
Created 11-01-2016 01:17 PM
With Nifi running as http (non-secure) there is no way to differentiate between users who access the UI. To NiFi everyone is the same anonymous user.
Two or more people can still work on their own dataflows within a non-secured NiFi, but there is no way to prevent each user from modifying another users dataflow.
Once NiFi is running as https (secured), some mechanism must be but in place to authenticate the users who will be accessing the canvas. Currently supported user authentication methods include TLS user certificates (default), LDAP, or kerberos. Through user authentication NiFi can now distinguish between users.
After authentication comes authorization. Authorization is handled by NiFi (default) or Apache Ranger. This authorization layer is used to grant specific access policies to specific authenticated users. Things like controlled access to specific components (processors, process groups, controller services, etc.) are handled through this authorization. While every user still access the same canvas, this allows you to control what components can be seen and modified down to a specific user if desired.
Thanks,
Matt