Posted to users@nifi.apache.org by Tomislav Novosel <to...@gmail.com> on 2020/02/12 14:54:19 UTC

NiFi user and access rights

Hi guys,

I'm having this situation inside my company projects. We are using NiFi as
DataFlow platform and there are multiple projects.
Every project has files on shared disk/folder from which one NiFi
instance (standalone instance) is reading data.
NiFi instance service is running under one generic user which has read
rights for every shared folder/project and that is fine.

As there will be more and more projects and only one generic user will need
to have read rights on all shared disks/folders of all projects. So which
is better solution:


   1. To have one NiFi instance running with one generic user which has
   read rights on all shared disks/folders. From security standpoint it is not
   ok. Shared folders are from various customers. Data volume and load is not
   too big for only one standalone NiFi instance.
   2. To have Multiple NiFi instances on one server each running under
   different generic user and every generic user belongs to one customer
   shared folder regarding read rights, 1:1 relationship.

In the future there will be need to secure NiFi instances with SSL, maybe to
add more nodes and to establish multi-tenancy.

Is there maybe some other third solution for this situation? How to setup
that kind of data flow where are multiple data sources and security is
important?

Thanks in advance and best regards.

Tom

Re: NiFi user and access rights

Posted by Andy LoPresto <al...@apache.org>.
You could use MiNiFi agents on each external resource to consume data in a siloed manner and transmit it to a central NiFi instance over Site-to-site protocol. This would allow each producer of data to remain isolated (either physically disconnected or each using a distinct OS user for ACL with the respective MiNiFi agents running as that user) and communicate the necessary data back to a central processing instance. 


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On Feb 12, 2020, at 6:54 AM, Tomislav Novosel <to...@gmail.com> wrote:
> 
> Hi guys,
> 
> I'm having this situation inside my company projects. We are using NiFi as DataFlow platform and there are multiple projects.
> Every project has files on shared disk/folder from which one NiFi instance (standalone instance) is reading data.
> NiFi instance service is running under one generic user which has read rights for every shared folder/project and that is fine.
> 
> As there will be more and more projects and only one generic user will need to have read rights on all shared disks/folders of all projects. So which is better solution:
> 
> 1. To have one NiFi instance running with one generic user which has read rights on all shared disks/folders. From security standpoint it is not ok. Shared folders are from various customers. Data volume and load is not too big for only one standalone NiFi instance.
> 2. To have Multiple NiFi instances on one server each running under different generic user and every generic user belongs to one customer shared folder regarding read rights, 1:1 relationship.
>
> In the future there will be need to secure NiFi instances with SSL, maybe to add more nodes and to establish multi-tenancy.
> 
> Is there maybe some other third solution for this situation? How to setup that kind of data flow where are multiple data sources and security is important?
> 
> Thanks in advance and best regards.
> 
> Tom
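
Added example, not part of the original thread and not NiFi or MiNiFi code: a small audit for the isolation model discussed above, reporting every customer folder that is readable by any OS account other than the one assigned to it. It assumes plain POSIX mode bits (no extended ACLs, root ignored); all account, group and path names are constructed for illustration.

```python
import stat
from collections import namedtuple

# mode holds the POSIX permission bits of the folder, e.g. 0o750
Folder = namedtuple("Folder", "path owner group mode")

def readers(folder, accounts):
    """Accounts (name -> set of groups) able to list and traverse `folder`."""
    found = set()
    for name, groups in accounts.items():
        # POSIX applies exactly one class: owner, else group, else other.
        if name == folder.owner:
            r, x = stat.S_IRUSR, stat.S_IXUSR
        elif folder.group in groups:
            r, x = stat.S_IRGRP, stat.S_IXGRP
        else:
            r, x = stat.S_IROTH, stat.S_IXOTH
        if folder.mode & r and folder.mode & x:
            found.add(name)
    return found

def audit(folders, accounts, assignment):
    """Return findings for folders whose readers differ from the assigned account."""
    findings = {}
    for f in folders:
        intended = assignment[f.path]
        can_read = readers(f, accounts)
        extra = sorted(can_read - {intended})   # accounts that should not get in
        missing = intended not in can_read      # assigned account locked out
        if extra or missing:
            findings[f.path] = {"extra": extra, "missing": missing}
    return findings

# Constructed sample data (hypothetical names, not taken from the thread).
ACCOUNTS = {
    "nifi-generic": {"cust_a", "cust_b"},  # one generic user in every group
    "minifi-a": {"cust_a"},                # one agent account per customer
    "minifi-b": {"cust_b"},
}
FOLDERS = [
    Folder("/shares/customer_a", "root", "cust_a", 0o750),
    Folder("/shares/customer_b", "root", "cust_b", 0o755),  # world-readable
]
ASSIGNMENT = {"/shares/customer_a": "minifi-a", "/shares/customer_b": "minifi-b"}

if __name__ == "__main__":
    for path, finding in audit(FOLDERS, ACCOUNTS, ASSIGNMENT).items():
        print(path, finding)
```

With the sample data, the generic account shows up as an extra reader on both folders, and the world-readable mode on the second folder also exposes it to the other customer's agent account.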