Configuring NiFi Authentication and Proxying with Apache Knox
Also available as:
PDF

Adding a Policy Using NiFi

You must add the Knox user and proxy policies only if you did not add the Knox cert DN to the list of node identities in Advanced nifi-ambari-ssl-config when NiFi was installed. You also must manually edit policies for the users who are going to log in to Knox and for the Knox node itself to be authorized as a proxy. At a minimum, the Knox node should be added to the policy for proxying user requests and the users.

  1. Create a user to represent the Knox identity in NiFi. Navigate to the NiFi Global Menu | Users. Click Add User . The value for the identify of this new user is the DN from the cert that Knox is using to communicate with NiFi.
  2. From the NiFi Global Menu | Policies, select proxy user requests and add the Knox identity.
  3. For component-level policies, on the root group, add permissions to "view the data" and to "modify the data" for the Knox identity.