James Wing By James Wing on 2016-03-04

This article describes how to manage users and passwords for your NiFi instance.

Changing Passwords

You can change the NiFi login password for any user from the command-line of the instance operating system.

First, Connect to your instance using Secure Shell (SSH). The command will look like the following example, but you must substitute your actual EC2 key pair file and instance public DNS above:

ssh -i ~/.ssh/YourEC2KeyPair.pem ec2-user@ec2-instance-ip-address.compute-1.amazonaws.com

At the prompt, run the BatchIQ set password utility to set a new password. The format is as follows:

sudo batchiq-admin set-password <user> <new password>

For example, to change the admin user's password to "newpassword", it would appear as follows:

sudo batchiq-admin set-password admin newpassword

Adding Users

BatchIQ instances include a username/password authentication scheme for users. Configuration files must be edited to add new users and authorize their actions.

Any tool may be used to edit these configuration files. BatchIQ instances include the nano and vi tools for editing via the Linux shell. Nano is recommended if you are unfamiliar with these tools. Backing up these files before editing is always recommended.

Authentication

An authentication or password entry for each user is required in the credentials.xml file for your instance, stored by default at /var/nifi/home/security/credentials.xml. You should edit this file to contain one XML <users> entry for each user like the following:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<credentials>
    <user name="admin" passwordHash="$2a$10$..." />
    <user name="james" passwordHash="$2a$10$..." />
    <user name="sally" passwordHash="$2a$10$..." />
    ...
</credentials>

For example,

sudo nano /var/nifi/home/security/credentials.xml

Do not worry about the passwordHash field while adding a user. After you create an entry for the new user in the file, update the password as described in Changing Passwords above.

Authorization

NiFi assigns roles to users that control what they can see and do in the NiFi user interface. Roles are configured in the authorized-users.xml file, located by default at /var/nifi/home/conf/authorized-users.xml.

<users>
    <user dn="admin">
        <role name="ROLE_ADMIN"/>
        <role name="ROLE_DFM"/>
        <role name="ROLE_PROVENANCE"/>
    </user>
    <user dn="james">
        <role name="ROLE_DFM"/>
        <role name="ROLE_PROVENANCE"/>
    </user>
    <user dn="sally">
        <role name="ROLE_DFM"/>
    </user>
    ...
</users>

To edit this file with Nano:

sudo nano /var/nifi/home/conf/authorized-users.xml

Restart NiFi

You will need to restart NiFi to apply new or removed users. Restart by running the command:

sudo service nifi restart

Need Some Help?

Please use the BatchIQ Support Portal to open a ticket and get customized assistance.