Posted to commits@airflow.apache.org by "Kaxil Naik (Jira)" <ji...@apache.org> on 2019/12/17 01:51:00 UTC

[jira] [Commented] (AIRFLOW-4888) Add migration system for adding RBAC permissions to existing roles

    [ https://issues.apache.org/jira/browse/AIRFLOW-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16997781#comment-16997781 ] 

Kaxil Naik commented on AIRFLOW-4888:
-------------------------------------

Any thoughts, updates or progress on this [~ash] [~TaoFeng] [~xddeng]?

> Add migration system for adding RBAC permissions to existing roles
> ------------------------------------------------------------------
>
>                 Key: AIRFLOW-4888
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4888
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0
>            Reporter: Ash Berlin-Taylor
>            Priority: Major
>              Labels: permissions
>
> In our clusters we don't allow any users to be Admin, so we use the Op, User and Viewer roles. It turns out that these roles are missing the {{can_dagrun_success}} and {{can_dagrun_failure}} permissions.
> Fixing this for new installs is easy, but due to AIRFLOW-3271 (https://github.com/apache/airflow/pull/4118) we won't alter the roles if they already exist, so having some mechanism for adding permissions to roles via migrations might be useful.
> As a playground I started working on https://gist.github.com/ashb/f43741740fb0eae59948d52634cda575 - I'm not sure if this is too complex or not. (It's also not a complete solution yet)


