You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by Chakrader Dewaragatla <Ch...@lifelock.com> on 2016/01/21 22:50:31 UTC
Nifi UI - Readonly
Hi – I would like to secure the nifi ui to readonly mode. Nifi documentation has some steps to enable authentication options using ldap, kerberos etc. Before going into authentication setup, do nifi has any config in nifi.properties to enable UI in readonly mode ?
Api and UI has same default port (8080), can I change api port to some custom port ?
Thanks,
-Chakri
________________________________
The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________
Re: Nifi UI - Readonly
Posted by Chakrader Dewaragatla <Ch...@lifelock.com>.
Thanks Matt
From: Matt Gilman
Reply-To: "users@nifi.apache.org<ma...@nifi.apache.org>"
Date: Thursday, January 21, 2016 at 5:16 PM
To: "users@nifi.apache.org<ma...@nifi.apache.org>"
Subject: Re: Nifi UI - Readonly
Without introducing user authentication/authorization the UI is editable by anyone. To secure your NiFi check out the admin [1] [2] [3] and user [4] guide.
Matt
[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration
[2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication
[3] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access
[4] https://nifi.apache.org/docs/nifi-docs/html/user-guide.html#logging-in
On Thu, Jan 21, 2016 at 7:51 PM, Chakrader Dewaragatla <Ch...@lifelock.com>> wrote:
Joe - To setup roles and users, I should have organization setup using LDAP or some other authentication providers.
Before going there, any means of deploying nifi with read-only UI access as default ?
Thanks,
-Chakri
On 1/21/16, 2:03 PM, "Joe Witt" <jo...@gmail.com>> wrote:
>Chakri
>
>A user is associated with one or more roles. One of those roles a
>user could have is simply read-only. In a typical organization the
>majority of users actually have 'read-only' like a watch person or
>monitoring service and so on. Very few users would have roles such as
>provenance or dfm where they can review details of what happened or
>change flow behavior. Once you setup NiFi in secure mode these roles
>are in play. The UI and API port you are referring to are indeed one
>in the same because whether it is a user in their browser or whether
>it is an automated system calling NIFI in any case it is using the
>NIFI HTTP-based API. You can certainly change the port but there is
>only one port.
>
>Thanks
>Joe
>
>On Thu, Jan 21, 2016 at 4:50 PM, Chakrader Dewaragatla
><Ch...@lifelock.com>> wrote:
>> Hi – I would like to secure the nifi ui to readonly mode. Nifi documentation
>> has some steps to enable authentication options using ldap, kerberos etc.
>> Before going into authentication setup, do nifi has any config in
>> nifi.properties to enable UI in readonly mode ?
>>
>> Api and UI has same default port (8080), can I change api port to some
>> custom port ?
>>
>> Thanks,
>> -Chakri
>> ________________________________
>> The information contained in this transmission may contain privileged and
>> confidential information. It is intended only for the use of the person(s)
>> named above. If you are not the intended recipient, you are hereby notified
>> that any review, dissemination, distribution or duplication of this
>> communication is strictly prohibited. If you are not the intended recipient,
>> please contact the sender by reply email and destroy all copies of the
>> original message.
>> ________________________________
________________________________
The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________
________________________________
The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________
Re: Nifi UI - Readonly
Posted by Matt Gilman <ma...@gmail.com>.
Without introducing user authentication/authorization the UI is editable by
anyone. To secure your NiFi check out the admin [1] [2] [3] and user [4]
guide.
Matt
[1]
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration
[2]
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication
[3]
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access
[4] https://nifi.apache.org/docs/nifi-docs/html/user-guide.html#logging-in
On Thu, Jan 21, 2016 at 7:51 PM, Chakrader Dewaragatla <
Chakrader.Dewaragatla@lifelock.com> wrote:
> Joe - To setup roles and users, I should have organization setup using
> LDAP or some other authentication providers.
> Before going there, any means of deploying nifi with read-only UI access
> as default ?
>
> Thanks,
> -Chakri
>
>
>
> On 1/21/16, 2:03 PM, "Joe Witt" <jo...@gmail.com> wrote:
>
> >Chakri
> >
> >A user is associated with one or more roles. One of those roles a
> >user could have is simply read-only. In a typical organization the
> >majority of users actually have 'read-only' like a watch person or
> >monitoring service and so on. Very few users would have roles such as
> >provenance or dfm where they can review details of what happened or
> >change flow behavior. Once you setup NiFi in secure mode these roles
> >are in play. The UI and API port you are referring to are indeed one
> >in the same because whether it is a user in their browser or whether
> >it is an automated system calling NIFI in any case it is using the
> >NIFI HTTP-based API. You can certainly change the port but there is
> >only one port.
> >
> >Thanks
> >Joe
> >
> >On Thu, Jan 21, 2016 at 4:50 PM, Chakrader Dewaragatla
> ><Ch...@lifelock.com> wrote:
> >> Hi – I would like to secure the nifi ui to readonly mode. Nifi
> documentation
> >> has some steps to enable authentication options using ldap, kerberos
> etc.
> >> Before going into authentication setup, do nifi has any config in
> >> nifi.properties to enable UI in readonly mode ?
> >>
> >> Api and UI has same default port (8080), can I change api port to some
> >> custom port ?
> >>
> >> Thanks,
> >> -Chakri
> >> ________________________________
> >> The information contained in this transmission may contain privileged
> and
> >> confidential information. It is intended only for the use of the
> person(s)
> >> named above. If you are not the intended recipient, you are hereby
> notified
> >> that any review, dissemination, distribution or duplication of this
> >> communication is strictly prohibited. If you are not the intended
> recipient,
> >> please contact the sender by reply email and destroy all copies of the
> >> original message.
> >> ________________________________
> ________________________________
> The information contained in this transmission may contain privileged and
> confidential information. It is intended only for the use of the person(s)
> named above. If you are not the intended recipient, you are hereby notified
> that any review, dissemination, distribution or duplication of this
> communication is strictly prohibited. If you are not the intended
> recipient, please contact the sender by reply email and destroy all copies
> of the original message.
> ________________________________
>
Re: Nifi UI - Readonly
Posted by Chakrader Dewaragatla <Ch...@lifelock.com>.
Joe - To setup roles and users, I should have organization setup using LDAP or some other authentication providers.
Before going there, any means of deploying nifi with read-only UI access as default ?
Thanks,
-Chakri
On 1/21/16, 2:03 PM, "Joe Witt" <jo...@gmail.com> wrote:
>Chakri
>
>A user is associated with one or more roles. One of those roles a
>user could have is simply read-only. In a typical organization the
>majority of users actually have 'read-only' like a watch person or
>monitoring service and so on. Very few users would have roles such as
>provenance or dfm where they can review details of what happened or
>change flow behavior. Once you setup NiFi in secure mode these roles
>are in play. The UI and API port you are referring to are indeed one
>in the same because whether it is a user in their browser or whether
>it is an automated system calling NIFI in any case it is using the
>NIFI HTTP-based API. You can certainly change the port but there is
>only one port.
>
>Thanks
>Joe
>
>On Thu, Jan 21, 2016 at 4:50 PM, Chakrader Dewaragatla
><Ch...@lifelock.com> wrote:
>> Hi – I would like to secure the nifi ui to readonly mode. Nifi documentation
>> has some steps to enable authentication options using ldap, kerberos etc.
>> Before going into authentication setup, do nifi has any config in
>> nifi.properties to enable UI in readonly mode ?
>>
>> Api and UI has same default port (8080), can I change api port to some
>> custom port ?
>>
>> Thanks,
>> -Chakri
>> ________________________________
>> The information contained in this transmission may contain privileged and
>> confidential information. It is intended only for the use of the person(s)
>> named above. If you are not the intended recipient, you are hereby notified
>> that any review, dissemination, distribution or duplication of this
>> communication is strictly prohibited. If you are not the intended recipient,
>> please contact the sender by reply email and destroy all copies of the
>> original message.
>> ________________________________
________________________________
The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________
Re: Nifi UI - Readonly
Posted by Joe Witt <jo...@gmail.com>.
Chakri
A user is associated with one or more roles. One of those roles a
user could have is simply read-only. In a typical organization the
majority of users actually have 'read-only' like a watch person or
monitoring service and so on. Very few users would have roles such as
provenance or dfm where they can review details of what happened or
change flow behavior. Once you setup NiFi in secure mode these roles
are in play. The UI and API port you are referring to are indeed one
in the same because whether it is a user in their browser or whether
it is an automated system calling NIFI in any case it is using the
NIFI HTTP-based API. You can certainly change the port but there is
only one port.
Thanks
Joe
On Thu, Jan 21, 2016 at 4:50 PM, Chakrader Dewaragatla
<Ch...@lifelock.com> wrote:
> Hi – I would like to secure the nifi ui to readonly mode. Nifi documentation
> has some steps to enable authentication options using ldap, kerberos etc.
> Before going into authentication setup, do nifi has any config in
> nifi.properties to enable UI in readonly mode ?
>
> Api and UI has same default port (8080), can I change api port to some
> custom port ?
>
> Thanks,
> -Chakri
> ________________________________
> The information contained in this transmission may contain privileged and
> confidential information. It is intended only for the use of the person(s)
> named above. If you are not the intended recipient, you are hereby notified
> that any review, dissemination, distribution or duplication of this
> communication is strictly prohibited. If you are not the intended recipient,
> please contact the sender by reply email and destroy all copies of the
> original message.
> ________________________________