You could use MiNiFi agents on each external resource to consume data in a siloed manner and transmit it to a central NiFi instance over Site-to-site protocol. This would allow each producer of data to remain isolated (either physically disconnected or each using a distinct OS user for ACL with the respective MiNiFi agents running as that user) and communicate the necessary data back to a central processing instance.
Andy LoPresto alopre...@apache.org alopresto.apa...@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Feb 12, 2020, at 6:54 AM, Tomislav Novosel <to.novo...@gmail.com> wrote: > > Hi guys, > > I'm having this situation inside my company projects. We are using NiFi as > DataFlow platform and there are multiple projects. > Every project has files on shared disk/folder from which one Nifi > instance(standalone instance) is reading data. > NiFi instance service is running under one generic user which has read rights > for every shared folder/project and that is fine. > > As there will be more and more projects and only one generic user will need > to have read rights on all shared disks/folders of all projects. So which is > better solution: > > To have one NiFi instance running with one generic user which has read rights > on all shared disks/folders. From security standpoint it is not ok. Shared > folders are from various customers. Data volume and load is not too big for > only one standalone NiFi instance. > To have Multiple NiFi instances on one server each running under different > generic user and every generic user belongs to one customer shared folder > regarding read rights, 1:1 relationship. > In the future there will be need to scure NiFi instances with SSL, maybe to > add more nodes and to establish multi-tenancy. > > Is there maybe some other third solution for this situation? How to setup > that kind of data flow where are multiple data sources and security is > important? > > Thanks in advance and best regards. > > Tom
