Administration
Also available as:
PDF
loading table of contents...
Component Level Access Policies

Component level access policies govern the following component level authorizations:

Policy

Privilege

view the component

Allows users to view component configuration details

modify the component

Allows users to modify component configuration details

view the data

Allows user to view metadata and content for this component through provenance data and flowfile queues in outbound connections

modify the data

Allows user to empty flowfile queues in outbound connections and submit replays

view the policies

Allows users to view the list of users who can view/modify a component

modify the policies

Allows users to modify the list of users who can view/modify a component

receive data via site-to-site

Allows a port to receive data from NiFi instances

send data via site-to-site

Allows a port to send data from NiFi instances

You can apply access policies to all component types except connections. Connection authorizations are inferred by the individual access policies on the source and destination components of the connection, as well as the access policy of the process group containing the components. This is discussed in more detail in the Creating a Connection and Editing a Connection examples below.

In order to access List Queue or Delete Queue for a connection, a user requires permission to the "view the data" and "modify the data" policies on the component. In a clustered environment, all nodes must be be added to these policies as well, as a user request could be replicated through any node in the cluster.