Support Questions

Find answers, ask questions, and share your expertise

One Nifi Registry with secure bucket

Hi Community !


I have build a new design with a single Nifi Registry to communicate with Nifi development / staging / production platform.
Before this implementation, we built a Nifi Registry for each Nifi cluster.

Before :


Now :


Pictures Source :


Something unexpected comes up.


Distinction between dev / staging / production environnement are making with different name of bucket like :
- DEV_mybucket
- STAG_mybucket
- PROD_mybucket


On my environnement Nifi development, people from "Team A" can versionned flow in bucket DEV_mybucket.
To deploy on staging, it's very easy to exporting versionned flow from DEV_mybucket and importing to the STAG_mybucket.


On my development cluster Nifi, to exclude versionning flow in bucket STAG_mybucket I was thinking to secure those buckets with the policies but ...


Using proxy user requests :
- Nifi dev Cluster allows to process requests with read and write


People belongs to "Team A" are allowed to manage bucket DEV_mybucket (read and write) and STAG_mybucket (read and write) to deploy on the staging nifi env.
Problem : from the nifi dev cluster, a user from the team A can versioned flow in the bucket DEV_mybucket but also in the bucket STAG_mybucket.


I'm trying to find a solution not authorized the Nifi dev Cluster to read or access to the bucket STAG_mybucket. I've tried many way without success.


I have read this article by Byran Brende :
It seems unlikely to be realizable but I want to hope !


If you have any proposition. Thanks for your help

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.