I believe the Node Group will grant that group the same permissions as the Node Identities would get. So if you have a user-group-provider that already has this group and already knows the nodes are in this group, maybe in LDAP or some other external provider, then you can just specify this group as the Node Group and then you don't have to specify Node Identities. This helps when adding new nodes because you don't have to do anything with policies for the new node, as long as they are in that group in the user-group-provider.
On Thu, Apr 11, 2019 at 2:53 PM Mark Bean <[email protected]> wrote: > > What is the proper usage of the Node Group in the authorizers.xml file? The > documentation only describes what it is, but not how to use it. > > For example, I attempt to add a new node to a cluster. The authorizers.xml > was modified to add the User Group name to the accessPolicyProvider's Node > Group property. NiFi failed to start; it could not find the node group. The > startup process created new, empty authorizations.xml and users.xml files. > Should it have inherited these from the cluster? > > What else am I doing wrong? > > Thanks, > Mark
