03-03-2025
09:26 AM
@jirungaray The DistributedMapCacheServer controller service sets up a cache server which will keep all cached objects in NiFi's JVM heap memory. This cache is lost if the controller service is disabled/re-enabled or if NiFi were to restart, unless the "Persistence Directory" is configured. The persistence directory is some local disk directory where cache entries are persisted in addition to those cache entries also being in heap memory. The persistence to disk allows the in-memory cache to be reloaded if the cache server is disabled/re-enabled or NiFi is restarted. I assume this is the cache server you are currently using.

Matt
01-21-2025
06:16 AM
@jirungaray Cloudera Flow Management (based on Apache NiFi) provides multiple methods for managing user authorization. This includes NiFi internally via the File-Access-Policy-Provider and externally via Apache Ranger. There is no built-in mechanism for automatically setting up authorization policies for users or groups, with the exception of the Initial Admin and Initial NiFi Node authorizations. Many of the authorization policies are directly related to the components added to the canvas. Those components are assigned unique IDs, making it impossible to create policies before the components exist.

File-Access-Policy-Provider: This provider utilizes a file on disk (authorizations.xml) to persist authorization policies. This file is loaded when NiFi starts. This means it is possible to manually generate this file and have NiFi load it on startup. Also, as you mentioned, you could script out the authorization creation through NiFi REST API calls.

Ranger provider: This moves authorization responsibility over to Apache Ranger. Policies set up within Ranger are downloaded by the NiFi nodes, where they are locally enforced.

No matter which authorizer you choose to use, authorizations are easiest to manage via groups. Typically, users set up LDAP groups for various NiFi roles (admins, team 1, team 2, etc.) and make specific users members of these groups. This simplifies authorization since you can authorize these groups instead of the individual users. Simply adding or removing a user as a member of one of these authorized groups gives or removes authorized access to the NiFi resource identifier (NiFi policy). The ldap-user-group-provider can be added to the NiFi authorizers.xml to automatically manage syncing of user and group identities from your AD/LDAP, further simplifying management over the file-user-group-provider method, which requires the manual adding of user and group identifiers to NiFi.

Please help our community thrive. If you found any of the suggestions/solutions provided helped you with solving your issue or answering your question, please take a moment to log in and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt
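The group-based approach recommended in the post above can be checked against an existing authorizations.xml. The following is an added example, not part of the original post or of NiFi itself: it lists policies that are granted directly to individual users so they can be moved to groups. It assumes the policies/policy/user/group layout written by the file-access-policy-provider, and every identifier in the sample is constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the layout the file-access-policy-provider is assumed
# to write (authorizations.xml); all identifiers here are made up.
SAMPLE_AUTHORIZATIONS = """<authorizations>
  <policies>
    <policy identifier="p-1" resource="/flow" action="R">
      <group identifier="g-admins"/>
      <group identifier="g-team1"/>
    </policy>
    <policy identifier="p-2" resource="/policies" action="W">
      <group identifier="g-admins"/>
      <user identifier="u-alice"/>
    </policy>
    <policy identifier="p-3" resource="/process-groups/pg-1234" action="W">
      <user identifier="u-bob"/>
    </policy>
  </policies>
</authorizations>
"""

def audit_policies(xml_text):
    """Return (direct, group_only): policies with per-user grants, and the
    count of policies that are granted to groups only."""
    root = ET.fromstring(xml_text)
    direct, group_only = [], 0
    for policy in root.iter("policy"):
        users = sorted(u.get("identifier") for u in policy.findall("user"))
        if users:
            direct.append((policy.get("resource"), policy.get("action"), users))
        elif policy.findall("group"):
            group_only += 1
    return direct, group_only

def grants_per_user(direct):
    """Invert the findings: user id -> list of (resource, action) held directly."""
    by_user = defaultdict(list)
    for resource, action, users in direct:
        for user in users:
            by_user[user].append((resource, action))
    return dict(by_user)

if __name__ == "__main__":
    direct, group_only = audit_policies(SAMPLE_AUTHORIZATIONS)
    print(f"{group_only} group-only policies, {len(direct)} with direct user grants")
    for user, grants in sorted(grants_per_user(direct).items()):
        print(user, "->", ", ".join(f"{a} {r}" for r, a in grants))
```
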