Repository: nifi Updated Branches: refs/heads/master c1c052af7 -> 120d2100a
NIFI-2502 This closes #797. Update Multi-tenant Authorization section in Admin Guide for addition of data policies Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/026a8d53 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/026a8d53 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/026a8d53 Branch: refs/heads/master Commit: 026a8d53d23aeea31220ad9e224fdcb323eebe22 Parents: c1c052a Author: Andrew Lim <[email protected]> Authored: Fri Aug 5 14:44:39 2016 -0400 Committer: joewitt <[email protected]> Committed: Mon Aug 8 09:53:56 2016 -0400 ---------------------------------------------------------------------- .../src/main/asciidoc/administration-guide.adoc | 37 ++++++++++++++++--- .../images/process-group-modify-policy.png | Bin 82788 -> 84716 bytes .../images/process-group-view-policy.png | Bin 82721 -> 84686 bytes .../asciidoc/images/processor-modify-policy.png | Bin 100835 -> 103896 bytes .../asciidoc/images/processor-view-policy.png | Bin 101687 -> 104448 bytes 5 files changed, 32 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/026a8d53/nifi-docs/src/main/asciidoc/administration-guide.adoc ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index e39dee4..a29602f 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -381,9 +381,33 @@ Here is an example entry: </authorizers> ---- -After you have edited and saved the 'authorizers.xml' file, restart NiFi. Users and roles from the 'authorized-users.xml' file are converted and added as identities and policies in the 'authorizations.xml' file. Once the application starts, users who previously had a legacy Admin role can access the UI and begin managing users, groups, and policies. - -NiFi fails to restart if values exist for both the âInitial Admin Identityâ and âLegacy Authorized Users Fileâ properties. You can specify only one of these values to initialize authorizations. +After you have edited and saved the 'authorizers.xml' file, restart NiFi. Users and roles from the 'authorized-users.xml' file are converted and added as identities and policies in the 'authorizations.xml' file. Once the application starts, users who previously had a legacy Administrator role can access the UI and begin managing users, groups, and policies. + +Here is a summary of policies assigned to each legacy role if the NiFi instance has an existing flow.xml.gz: + +[cols=">s,^s,^s,^s,^s,^s,^s", options="header"] +|========================== +| | Admin | DFM | Monitor | Provenance | NiFi | Proxy +|view the UI |* |* |* | | | +|view the controller |* |* |* | |* | +|modify the controller | |* | | | | +|view system diagnostics | |* |* | | | +|view the dataflow |* |* |* | | | +|modify the dataflow | |* | | | | +|view the users/groups |* | | | | | +|modify the users/groups |* | | | | | +|view policies |* | | | | | +|modify policies |* | | | | | +|query provenance | | | |* | | +|view the data | |* | |* | |* +|modify the data | |* | | | |* +|retrieve site-to-site details | | | | |* | +|send proxy user requests | | | | | |* +|========================== + +For details on the policies in the table, see <<access-policies>>. + +NOTE: NiFi fails to restart if values exist for both the âInitial Admin Identityâ and âLegacy Authorized Users Fileâ properties. You can specify only one of these values to initialize authorizations. NOTE: Do not manually edit the 'authorizations.xml' file. Create authorizations only during initial setup and afterwards using the NiFi UI. @@ -517,8 +541,11 @@ Component level access policies govern the following component level authorizati |modify the component |Allows users to modify component configuration details -|view the provenance events -|Allows users to access provenance events and content for a component +|view the data +|Allows user to view metadata and content for this component through provenance data and flowfile queues in outbound connections + +|modify the data +|Allows user to empty flowfile queues in outbound connections and submit replays |view the policies |Allows users to view the list of users who can view/modify a component http://git-wip-us.apache.org/repos/asf/nifi/blob/026a8d53/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png b/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png index bfdb211..db1395b 100644 Binary files a/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png and b/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png differ http://git-wip-us.apache.org/repos/asf/nifi/blob/026a8d53/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png b/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png index 0d6f4d9..79bda56 100644 Binary files a/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png and b/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png differ http://git-wip-us.apache.org/repos/asf/nifi/blob/026a8d53/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png b/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png index d5bc89a..2efb4fb 100644 Binary files a/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png and b/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png differ http://git-wip-us.apache.org/repos/asf/nifi/blob/026a8d53/nifi-docs/src/main/asciidoc/images/processor-view-policy.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/processor-view-policy.png b/nifi-docs/src/main/asciidoc/images/processor-view-policy.png index aff87c1..14f3c7c 100644 Binary files a/nifi-docs/src/main/asciidoc/images/processor-view-policy.png and b/nifi-docs/src/main/asciidoc/images/processor-view-policy.png differ
