Support Questions

david_miller · ‎08-22-2018

The HDF 3.2 release notes mention that provenance and data access policies have been separated in nifi 1.7. The release notes do not mention what resource identifiers should be entered in ranger to give users access to provenance. Looking at the nifi release notes is similarly unhelpul.

my ranger nifi resource identifiers for data look like /data/process-groups/<uuid>

but /provenance/process-groups/<uuid> appears not to work

I would like to give people access to view any provenance events associated with components underneath a certain process group.

What ranger nifi resource identifier should I use?

david_miller · ‎08-22-2018

I finally found the policy by looking at https://github.com/apache/nifi/pull/2703/files

It is

/provenance-data/<component-type>/<component-UUID>

View solution in original post

david_miller · ‎08-22-2018

I finally found the policy by looking at https://github.com/apache/nifi/pull/2703/files

It is

/provenance-data/<component-type>/<component-UUID>

alim · ‎08-27-2018

@David Miller

For reference, the resource descriptors for the different component level access policies can be found in the NiFi Admin Guide, specifically:

https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#component-level-access-policie...

Cloudera Community

Support Questions

What is the provenance access resource identifier for Ranger and Nifi 1.7?