User and Policy Management
To manage the Users and Policies in Data Integration Platform first go to Security page.
User Management in Data Integration Platform
Follow the below steps to manage users and groups in Data Integration Platform.
Import Users
You can import users directly from User Management Server by clicking Import Users button. For other authentication mode such as Kerberos or LDAP, there will be New User button instead of Import Users to create users.
Add New Group
-
To add new Group, select the Group tab and click New Group button.
-
In the new Group dialog just enter the group name and select the group members. Then click ok to create the group with selected members.
Edit User/Group
- To edit a user or group, click the edit icon in grid for corresponding User/Group.
-
You can edit username and their groups for editing user. You can edit group name and their members for editing group.
Delete User/Group
To delete a User/Group just click the delete icon for the corresponding User/Group in grid.
Policy Management:
Follow the below steps to manage the policies for Users and Groups.
Global Policy Management
View Policies
To view all the global and component policies for User/Group. Just click the “Manage Policy” icon from grid for the corresponding user or group as shown below.
You can find global policies under “Global Policies” tab and component policies under “Component Policies” tab
Add Policy
To add global policy to User/Group, click “Global Policies” tab and click “Add Policy” button as shown below
After clicking “Add Policy” button, select the policy and access mode and click “ADD” button. The policy will get added for User/Group successfully.
Added policy will updated to corresponding user policy grid
Delete Policy
To delete the policy for the User/Group click the delete icon from grid as shown below
NOTE
Policies affiliated via user groups cannot be deleted
Component Policy Management
View Policies
To view the policy for components. First, Select the required components and right click and select “Access Policies”
After clicking the “Access Policies” option Policy management dialog opens with list of users. You can manage the component policy by clicking on “View Policy” icon for the corresponding user
Add policy to user
For adding a policy to user for a corresponding component. Just click the “Add policy” button as shown below
In the Add policies dialog just select the policy and click “ADD” button. The policy will get added for User/Group for the corresponding component
Delete Policy
To delete the component policy for corresponding User/Group. Click the “Delete” icon of corresponding policy in grid.
NOTE
Policies affiliated via user groups cannot be deleted
Policy Details
Global Access Policies
Global access policies govern the following system level authorizations:
|
Policy |
Privilege |
Global Menu Selection |
| view the UI | Allow users to view the UI | N/A |
| access the controller | Allows users to view/modify the controller including Reporting Tasks, Controller Services, and Nodes in the Cluster | Controller Settings |
| query provenance | Allows users to submit a Provenance Search and request Event Lineage | Data Provenance |
| access restricted components | Allows users to create/modify restricted components assuming otherwise sufficient permissions | N/A |
| access all policies | Allows users to view/modify the policies for all components | Policies |
| access users/user groups | Allows users to view/modify the users and user groups | Users |
| retrieve site-to-site details | Allows other NiFi instances to retrieve Site-To-Site details | N/A |
| view system diagnostics | Allows users to view System Diagnostics | Summary |
| proxy user requests | Allows proxy machines to send requests on the behalf of others | N/A |
| access counters | Allows users to view/modify Counters | Counters |
Component Level Access Policies
Component level access policies govern the following component level authorizations:
|
Policy |
Privilege |
| view the component | Allows users to view component configuration details |
| modify the component | Allows users to modify component configuration details |
| view the data | Allows user to view metadata and content for this component through provenance data and flowfile queues in outbound connections |
| modify the data | Allows user to empty flowfile queues in outbound connections and submit replays |
| view the policies | Allows users to view the list of users who can view/modify a component |
| modify the policies | Allows users to modify the list of users who can view/modify a component |
| receive data via site-to-site | Allows a port to receive data from NiFi instances |
| send data via site-to-site | Allows a port to send data from NiFi instances |