That's a good point, Chad.
I don't know if there might be an easy way to get that info.
The only thing I can think of is that when running with Apache Ranger,
you have the option
to enable Audit Log in which NiFi reports to Ranger any time an access
policy is checked for authorization.
I'm not
Hi Chad,
I've never done this, but if I were to go about it I would create a
script / cron job to poll the NiFi REST API [1] periodically, and upon
detection of a new "Application PG", create the corresponding policies
in Ranger via its REST API [2].
You'll have to create service accounts in
Kevin,
Thanks for the high level thought process. Seems like a feasible solution.
Do you know if I would be able to get the user who created the "Application
PG" to add them to the Ranger policy so they don't lose access to their own
application? Does NiFi keep that information?
Thanks,
Chad
On
We use Ranger with NiFi for security and we are looking to automate the
creation of our Ranger policies.
The way we organize our flows is like this:
NiFi Root Canvas > Ingest Channel PG > Application PG
We create 3 Ranger Policies per Application PG:
-/process-groups/
-/data/process-groups/