Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

What is the provenance access resource identifier for Ranger and Nifi 1.7?

avatar

The HDF 3.2 release notes mention that provenance and data access policies have been separated in nifi 1.7. The release notes do not mention what resource identifiers should be entered in ranger to give users access to provenance. Looking at the nifi release notes is similarly unhelpul.

my ranger nifi resource identifiers for data look like /data/process-groups/<uuid>

but /provenance/process-groups/<uuid> appears not to work

I would like to give people access to view any provenance events associated with components underneath a certain process group.

What ranger nifi resource identifier should I use?

1 ACCEPTED SOLUTION

avatar

I finally found the policy by looking at https://github.com/apache/nifi/pull/2703/files

It is

/provenance-data/<component-type>/<component-UUID>

View solution in original post

2 REPLIES 2

avatar

I finally found the policy by looking at https://github.com/apache/nifi/pull/2703/files

It is

/provenance-data/<component-type>/<component-UUID>

avatar
Guru
@David Miller

For reference, the resource descriptors for the different component level access policies can be found in the NiFi Admin Guide, specifically:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policie...