Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

What is the provenance access resource identifier for Ranger and Nifi 1.7?

Solved Go to solution

What is the provenance access resource identifier for Ranger and Nifi 1.7?

The HDF 3.2 release notes mention that provenance and data access policies have been separated in nifi 1.7. The release notes do not mention what resource identifiers should be entered in ranger to give users access to provenance. Looking at the nifi release notes is similarly unhelpul.

my ranger nifi resource identifiers for data look like /data/process-groups/<uuid>

but /provenance/process-groups/<uuid> appears not to work

I would like to give people access to view any provenance events associated with components underneath a certain process group.

What ranger nifi resource identifier should I use?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: What is the provenance access resource identifier for Ranger and Nifi 1.7?

I finally found the policy by looking at https://github.com/apache/nifi/pull/2703/files

It is

/provenance-data/<component-type>/<component-UUID>

View solution in original post

2 REPLIES 2
Highlighted

Re: What is the provenance access resource identifier for Ranger and Nifi 1.7?

I finally found the policy by looking at https://github.com/apache/nifi/pull/2703/files

It is

/provenance-data/<component-type>/<component-UUID>

View solution in original post

Highlighted

Re: What is the provenance access resource identifier for Ranger and Nifi 1.7?

Guru
@David Miller

For reference, the resource descriptors for the different component level access policies can be found in the NiFi Admin Guide, specifically:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policie...

Don't have an account?
Coming from Hortonworks? Activate your account here