Reputation: 603
Apache NiFi : Users addition from backend?
I am aware of adding/managing users from GUI in NiFi i.e. a admin user and add user and groups/policies etc.
This is maintained in users.xml file.
- I wanted to know, can we manually add records in users.xml instead of GUI?
- If yes, how is identifier tag of user derived by NiFi. For e.g. I see a tag:
How is above identifier generated?
The reason for above is, we can maintain the users.xml file in our code base and whenever new users need to be added in NiFi, team can update its details in this file and release and we re-start NIFi. We do not have to rely on GUI to add new users.
Is it possible?
EDIT:
To be more clear, currently we have ldap authentication in place using ldap-provider. So that part is fine. I am not lookng for ldap authentication to NiFi.
Now for actual roles/permissions for "authorized users" i.e. who can see the processors/components, create new processors, query data provenance etc admin go to NiFi UI and add users/groups/policies etc. These details are then updated in users.xml. I am specifically looking to achieve this activity via automating or from backend. As per the response from Bryan, I think the feasible solution is using Nifi REST API for that.
Upvotes: 1
Views: 2832
Answers (3)
Reputation: 150
users.xml doesn't intended to updated by users. This can be overcomed if you use external authentication providers ex. ldap-authentication provider
Upvotes: 0
Reputation: 1134
Another option would be to load your users from a Directory Server. This is detailed in the admin guide [1]. This implementation is configured with an interval for retrieving new users from the Directory Server.
[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizers-setup
Upvotes: 2
Reputation: 18660
The users.xml and authorizations.xml really shouldn't be manually edited/maintained, they are internals of the file-based authorizer that are not meant to be a public API.
It would be better to maintain a script that looped through a list of users and used NiFi's REST API to see if the user existed, and if it didn't then created the user using the REST API.
Upvotes: 5
Related Questions
- How to pass credential to NiFi rest api
- Nifi rest api Username/Password login not supported by this NiFi reponse
- can we communicate with nifi through cli?
- Apache Nifi - How do I make different user groups and policies upon Nifi startup?
- Apache NiFi: Bootstrap UserGroups and Policies with a file based provider
- NiFi User related information in Flow
- Nifi add attribute from DB
- Can i read the logged in user name in nifi processor or any component?
- Method for collecting user input within NiFi topology
- NiFi Coordinator - Handle Data