diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index e39dee4aa2..a29602f724 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -381,9 +381,33 @@ Here is an example entry: ---- -After you have edited and saved the 'authorizers.xml' file, restart NiFi. Users and roles from the 'authorized-users.xml' file are converted and added as identities and policies in the 'authorizations.xml' file. Once the application starts, users who previously had a legacy Admin role can access the UI and begin managing users, groups, and policies. +After you have edited and saved the 'authorizers.xml' file, restart NiFi. Users and roles from the 'authorized-users.xml' file are converted and added as identities and policies in the 'authorizations.xml' file. Once the application starts, users who previously had a legacy Administrator role can access the UI and begin managing users, groups, and policies. -NiFi fails to restart if values exist for both the “Initial Admin Identity” and “Legacy Authorized Users File” properties. You can specify only one of these values to initialize authorizations. +Here is a summary of policies assigned to each legacy role if the NiFi instance has an existing flow.xml.gz: + +[cols=">s,^s,^s,^s,^s,^s,^s", options="header"] +|========================== +| | Admin | DFM | Monitor | Provenance | NiFi | Proxy +|view the UI |* |* |* | | | +|view the controller |* |* |* | |* | +|modify the controller | |* | | | | +|view system diagnostics | |* |* | | | +|view the dataflow |* |* |* | | | +|modify the dataflow | |* | | | | +|view the users/groups |* | | | | | +|modify the users/groups |* | | | | | +|view policies |* | | | | | +|modify policies |* | | | | | +|query provenance | | | |* | | +|view the data | |* | |* | |* +|modify the data | |* | | | |* +|retrieve site-to-site details | | | | |* | +|send proxy user requests | | | | | |* +|========================== + +For details on the policies in the table, see <>. + +NOTE: NiFi fails to restart if values exist for both the “Initial Admin Identity” and “Legacy Authorized Users File” properties. You can specify only one of these values to initialize authorizations. NOTE: Do not manually edit the 'authorizations.xml' file. Create authorizations only during initial setup and afterwards using the NiFi UI. @@ -517,8 +541,11 @@ Component level access policies govern the following component level authorizati |modify the component |Allows users to modify component configuration details -|view the provenance events -|Allows users to access provenance events and content for a component +|view the data +|Allows user to view metadata and content for this component through provenance data and flowfile queues in outbound connections + +|modify the data +|Allows user to empty flowfile queues in outbound connections and submit replays |view the policies |Allows users to view the list of users who can view/modify a component diff --git a/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png b/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png index bfdb21123f..db1395b57a 100644 Binary files a/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png and b/nifi-docs/src/main/asciidoc/images/process-group-modify-policy.png differ diff --git a/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png b/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png index 0d6f4d94ab..79bda56787 100644 Binary files a/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png and b/nifi-docs/src/main/asciidoc/images/process-group-view-policy.png differ diff --git a/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png b/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png index d5bc89a53e..2efb4fbfac 100644 Binary files a/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png and b/nifi-docs/src/main/asciidoc/images/processor-modify-policy.png differ diff --git a/nifi-docs/src/main/asciidoc/images/processor-view-policy.png b/nifi-docs/src/main/asciidoc/images/processor-view-policy.png index aff87c1305..14f3c7ca9e 100644 Binary files a/nifi-docs/src/main/asciidoc/images/processor-view-policy.png and b/nifi-docs/src/main/asciidoc/images/processor-view-policy.png differ