Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Nifi Hide Flows

avatar
Contributor

Hi Team,

Is there any option to hide flows in user based because, we have multiple user environment i dont want to see other users flow even flow name when i logged in is that any option available in nifi?

Because auditing and security point of this is the first point management is asking..

1 ACCEPTED SOLUTION

avatar
Super Mentor
@Anishkumar Valsalam

If I am understanding correctly, you have a single NIFi installation that contains multiple different dataflows each managed/built by different users/teams.

You don't want users from these different teams to be able to see the dataflows built by other teams. correct?

NiFi granular access policies allow you to control what users can see and interface with. Any component for which a user has not been granted view the component or modify the component will appear only as a ghost component on the canvas.

19574-screen-shot-2017-07-25-at-112855-am.png

As you can see above there are several processors and process groups my currently authenticated user does not have access to view or modify. This user can not view the configuration, move the component, start it, stop it, view its data, delete data or even see the component name or type.

If you are asking to even hide these ghosted components the canvas, that is not an option.

There are important reason why these ghost components are visible to all users.

1. You may have user that work on multiple teams. If users cannot see ghosted components they are likely to build their dataflow on top of other dataflows on the canvas. This means user who can see multiple dataflows with be presented with a mess of a canvas to work with as components would be stack upon each other.

2. Ultimately all the dataflows in a single NiFi share the same set of resources. While a user in team 1 may not be able to see the details of other teams dataflow, it is still important that users in team 1 can see when back pressure or very large queues exist in other teams groups since that can ultimately have an impact on their dataflows. Team 1 user will not be able to see the actual data just queue counts.

3. Sometimes their are multiple team dataflows that share the same source data. For example and ConsumeKafka processor that feeds "success" relationship multiple times int to different teams dataflows. If we hide components completely, how would we render these other success relationships? If we jus hide them as well, the source processor would appear as only having one outbound connection. This would make it impossible for team1 to troubleshoot id ConsumeKafka just stopped consuming because one of these non visible connections where applying back pressure.

Thanks,

Matt

View solution in original post

3 REPLIES 3

avatar
Super Mentor
@Anishkumar Valsalam

If I am understanding correctly, you have a single NIFi installation that contains multiple different dataflows each managed/built by different users/teams.

You don't want users from these different teams to be able to see the dataflows built by other teams. correct?

NiFi granular access policies allow you to control what users can see and interface with. Any component for which a user has not been granted view the component or modify the component will appear only as a ghost component on the canvas.

19574-screen-shot-2017-07-25-at-112855-am.png

As you can see above there are several processors and process groups my currently authenticated user does not have access to view or modify. This user can not view the configuration, move the component, start it, stop it, view its data, delete data or even see the component name or type.

If you are asking to even hide these ghosted components the canvas, that is not an option.

There are important reason why these ghost components are visible to all users.

1. You may have user that work on multiple teams. If users cannot see ghosted components they are likely to build their dataflow on top of other dataflows on the canvas. This means user who can see multiple dataflows with be presented with a mess of a canvas to work with as components would be stack upon each other.

2. Ultimately all the dataflows in a single NiFi share the same set of resources. While a user in team 1 may not be able to see the details of other teams dataflow, it is still important that users in team 1 can see when back pressure or very large queues exist in other teams groups since that can ultimately have an impact on their dataflows. Team 1 user will not be able to see the actual data just queue counts.

3. Sometimes their are multiple team dataflows that share the same source data. For example and ConsumeKafka processor that feeds "success" relationship multiple times int to different teams dataflows. If we hide components completely, how would we render these other success relationships? If we jus hide them as well, the source processor would appear as only having one outbound connection. This would make it impossible for team1 to troubleshoot id ConsumeKafka just stopped consuming because one of these non visible connections where applying back pressure.

Thanks,

Matt

avatar
Contributor

@Matt Clarke

Thanks for the detailed answer i will accept this 🙂 before that the allignment of flow is so messy is that any options to arrange?

My NiFi - Version 1.1

avatar
Super Mentor

NiFi 1.2.0 added some alignment tools, but nothing is available NiFi 1.1.0.

IN NiFi 1.20 you can select multiple components, right click to open context menu and select to align them vertically or horizontally.

19576-screen-shot-2017-07-25-at-124202-pm.png ----> 19577-screen-shot-2017-07-25-at-124300-pm.png

These tools can't be used to align an entire canvas at once, but it gives you the ability to easily line up single rows or columns of processor components.

In the future try to keep unrelated questions to different Hortonworks Community Connection (HCC) posts. Other HCC contributors are likely to miss questions asked within the context of an answer to another question.

Thanks,

Matt