Without introducing user authentication/authorization the UI is editable by anyone. To secure your NiFi check out the admin [1] [2] [3] and user [4] guide.

Matt

[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#security-configuration
[2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#user-authentication
[3] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#controlling-levels-of-access
[4] https://nifi.apache.org/docs/nifi-docs/html/user-guide.html#logging-in

On Thu, Jan 21, 2016 at 7:51 PM, Chakrader Dewaragatla <Chakrader.Dewaragatla@lifelock.com> wrote:
Joe - To setup roles and users, I should have organization setup using LDAP or some other authentication providers.
Before going there, any means of deploying nifi with read-only UI access as default ?

Thanks,
-Chakri



On 1/21/16, 2:03 PM, "Joe Witt" <joe.witt@gmail.com> wrote:

>Chakri
>
>A user is associated with one or more roles.  One of those roles a
>user could have is simply read-only.  In a typical organization the
>majority of users actually have 'read-only' like a watch person or
>monitoring service and so on.  Very few users would have roles such as
>provenance or dfm where they can review details of what happened or
>change flow behavior.  Once you setup NiFi in secure mode these roles
>are in play.  The UI and API port you are referring to are indeed one
>in the same because whether it is a user in their browser or whether
>it is an automated system calling NIFI in any case it is using the
>NIFI HTTP-based API.  You can certainly change the port but there is
>only one port.
>
>Thanks
>Joe
>
>On Thu, Jan 21, 2016 at 4:50 PM, Chakrader Dewaragatla
><Chakrader.Dewaragatla@lifelock.com> wrote:
>> Hi – I would like to secure the nifi ui to readonly mode. Nifi documentation
>> has some steps to enable authentication options using ldap, kerberos etc.
>> Before going into authentication setup, do nifi has any config in
>> nifi.properties to enable UI in readonly mode ?
>>
>> Api and UI has same default port (8080), can I change api port to some
>> custom port ?
>>
>> Thanks,
>> -Chakri
>> ________________________________
>> The information contained in this transmission may contain privileged and
>> confidential information. It is intended only for the use of the person(s)
>> named above. If you are not the intended recipient, you are hereby notified
>> that any review, dissemination, distribution or duplication of this
>> communication is strictly prohibited. If you are not the intended recipient,
>> please contact the sender by reply email and destroy all copies of the
>> original message.
>> ________________________________
________________________________
 The information contained in this transmission may contain privileged and confidential information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
________________________________