3.2 KiB
Authentication
This connector supports following authentication mechanisms
Single User Authentication (auth: SINGLE_USER)
Connector will pass this username and password as used on Nifi Login Page over /access/token REST endpoint. This mode also works when Kerberos login identity provider is set up for Nifi.
Client Certificates Authentication (auth: CLIENT_CERT)
Connector will use client_cert_file(required) and client_key_file(optional), client_key_password(optional) for mutual TLS authentication.
Kerberos Authentication via SPNEGO (auth: Kerberos)
If nifi has been configured to use Kerberos SPNEGO, connector will pass user’s Kerberos ticket to nifi over /access/kerberos REST endpoint. It is assumed that user's Kerberos ticket is already present on the machine on which ingestion runs. This is usually done by installing krb5-user and then running kinit for user.
sudo apt install krb5-user
kinit user@REALM
Basic Authentication (auth: BASIC_AUTH)
Connector will use HTTPBasicAuth with username and password.
No Authentication (auth: NO_AUTH)
This is useful for testing purposes.
Access Policies
This connector requires following access policies to be set in Nifi for ingestion user.
Global Access Policies
| Policy | Privilege | Resource | Action |
|---|---|---|---|
| view the UI | Allows users to view the UI | /flow |
R |
| query provenance | Allows users to submit a Provenance Search and request Event Lineage | /provenance |
R |
Component level Access Policies (required to be set on root process group)
| Policy | Privilege | Resource | Action |
|---|---|---|---|
| view the component | Allows users to view component configuration details | /<component-type>/<component-UUID> |
R |
| view the data | Allows users to view metadata and content for this component in flowfile queues in outbound connections and through provenance events | /data/<component-type>/<component-UUID> |
R |
| view provenance | Allows users to view provenance events generated by this component | /provenance-data/<component-type>/<component-UUID> |
R |