### Authentication This connector supports following authentication mechanisms #### Single User Authentication (`auth: SINGLE_USER`) Connector will pass this `username` and `password` as used on Nifi Login Page over `/access/token` REST endpoint. This mode also works when [Kerberos login identity provider](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#kerberos_login_identity_provider) is set up for Nifi. #### Client Certificates Authentication (`auth: CLIENT_CERT`) Connector will use `client_cert_file`(required) and `client_key_file`(optional), `client_key_password`(optional) for mutual TLS authentication. #### Kerberos Authentication via SPNEGO (`auth: Kerberos`) If nifi has been configured to use [Kerberos SPNEGO](https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#kerberos_service), connector will pass user’s Kerberos ticket to nifi over `/access/kerberos` REST endpoint. It is assumed that user's Kerberos ticket is already present on the machine on which ingestion runs. This is usually done by installing krb5-user and then running kinit for user. ```console sudo apt install krb5-user kinit user@REALM ``` #### Basic Authentication (`auth: BASIC_AUTH`) Connector will use [HTTPBasicAuth](https://requests.readthedocs.io/en/latest/user/authentication/#basic-authentication) with `username` and `password`. #### No Authentication (`auth: NO_AUTH`) This is useful for testing purposes. ### Access Policies This connector requires following access policies to be set in Nifi for ingestion user. #### Global Access Policies | Policy | Privilege | Resource | Action | | ---------------- | -------------------------------------------------------------------- | ------------- | ------ | | view the UI | Allows users to view the UI | `/flow` | R | | query provenance | Allows users to submit a Provenance Search and request Event Lineage | `/provenance` | R | #### Component level Access Policies (required to be set on root process group) | Policy | Privilege | Resource | Action | | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------- | ------ | | view the component | Allows users to view component configuration details | `//` | R | | view the data | Allows users to view metadata and content for this component in flowfile queues in outbound connections and through provenance events | `/data//` | R | | view provenance | Allows users to view provenance events generated by this component | `/provenance-data//` | R |