You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Liu Xuesi (Jira)" <ji...@apache.org> on 2019/09/27 09:30:00 UTC
[jira] [Updated] (AIRFLOW-5562) Skip grant single DAG permissions
for Admin role
[ https://issues.apache.org/jira/browse/AIRFLOW-5562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Liu Xuesi updated AIRFLOW-5562:
-------------------------------
Description:
From AIRFLOW-2267,there is a function named *update_admin_perm_view* will refresh admin permission then add ALL permission to Admin role.
But, DAG level access make each DAG a MenuView, these views will be grant to Admin role. As Admin role already have access to *all_dags*, these permissions actually make Admin role's permission more chaotic.
In my project, it is hard to check permissions in webUI and actually this lead to some performance issues.
was:
From [AIRFLOW-2267],there is a function named *update_admin_perm_view* will refresh admin permission then add ALL permission to Admin role.
But, DAG level access make each DAG a MenuView, these views will be grant to Admin role. As Admin role already have access to *all_dags*, these permissions actually make Admin role's permission more chaotic.
In my project, it is hard to check permissions in webUI and actually this lead to some performance issues.
> Skip grant single DAG permissions for Admin role
> ------------------------------------------------
>
> Key: AIRFLOW-5562
> URL: https://issues.apache.org/jira/browse/AIRFLOW-5562
> Project: Apache Airflow
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.10.3, 1.10.4, 1.10.5
> Reporter: Liu Xuesi
> Priority: Major
> Labels: security, security-groups
> Attachments: admin_permission_full_of_dags.jpg
>
> Original Estimate: 168h
> Remaining Estimate: 168h
>
> From AIRFLOW-2267,there is a function named *update_admin_perm_view* will refresh admin permission then add ALL permission to Admin role.
> But, DAG level access make each DAG a MenuView, these views will be grant to Admin role. As Admin role already have access to *all_dags*, these permissions actually make Admin role's permission more chaotic.
> In my project, it is hard to check permissions in webUI and actually this lead to some performance issues.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)