apache-nifidataflowhortonworks-dataflow

How to give all permissions to Admin users in NiFi


I have just setup NiFi SSL with Kerberos authentication and added myself as Initial Admin User.

After login, I was able to create flows and attach policies and everything for other users. But I was not able to view Query Provenance for any of the Flows.

After Googling I figured out that I have to give separate permissions for each Process Group or at root level for my user to view this information.

Is there a way to give ALL permissions to Admin users? Data Provenance option itself was not enabled for me by default and I had to add a policy for that. Please let me know if I have configured something wrong or that's how it works.

NiFi version 1.8.0

I have used the following docs for setup:

  1. SSL configuration

  2. Initial Admin Configuration Source1, Source2


Solution

  • The concept of an admin user is really just a logical concept, there aren't actually any roles in NiFi. There is resource based access control where users and groups must be granted access to various resources.

    The "Initial Admin" concept was created as a way to help get a new instance setup and give one user enough access to grant other users whatever they need. After that it is up to that user to manage users/groups however they want to. You could create a group called "Admin" and give that group whatever permissions you think an admin should have.