nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Meixner, Johannes" <>
Subject Ranger-plugin authorises "anonymous" for /flow
Date Mon, 09 Apr 2018 07:55:24 GMT
I'm trying to harden my NiFi instance's authorizations and auditing using
Ranger (which is backed by an LDAP instance).

In Ranger I have defined a couple of resources defined to be authorized for
the nifi nodes' CNs (from SSL certs), `{USER}` and `{OWNER}`.

Turns out that if I add `{USER}` to the resource containing "/flow" I can
read the flow as anonymous user, which is exactly the opposite of what I

Some digging last week lead me to believe that this is due to the way [1] does authorizations. Note, I could be on the
completely wrong track here.

Is there any way to prevent `anonymous` from doing anything in NiFi,
through Ranger?

Best regards
Johannes Meixner


View raw message