You could use MiNiFi agents on each external resource to consume data in a 
siloed manner and transmit it to a central NiFi instance over Site-to-site 
protocol. This would allow each producer of data to remain isolated (either 
physically disconnected or each using a distinct OS user for ACL with the 
respective MiNiFi agents running as that user) and communicate the necessary 
data back to a central processing instance. 

Andy LoPresto
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 12, 2020, at 6:54 AM, Tomislav Novosel <> wrote:
> Hi guys,
> I'm having this situation inside my company projects. We are using NiFi as 
> DataFlow platform and there are multiple projects.
> Every project has files on shared disk/folder from which one Nifi 
> instance(standalone instance) is reading data.
> NiFi instance service is running under one generic user which has read rights 
> for every shared folder/project and that is fine.
> As there will be more and more projects and only one generic user will need 
> to have read rights on all shared disks/folders of all projects. So which is 
> better solution:
> To have one NiFi instance running with one generic user which has read rights 
> on all shared disks/folders. From security standpoint it is not ok. Shared 
> folders are from various customers. Data volume and load is not too big for 
> only one standalone NiFi instance.
> To have Multiple NiFi instances on one server each running under different 
> generic user and every generic user belongs to one customer shared folder 
> regarding read rights, 1:1 relationship.
> In the future there will be need to scure NiFi instances with SSL, maybe to 
> add more nodes and to establish multi-tenancy.
> Is there maybe some other third solution for this situation? How to setup 
> that kind of data flow where are multiple data sources and security is 
> important?
> Thanks in advance and best regards.
> Tom

Reply via email to