Posted to commits@airflow.apache.org by "Liu Xuesi (Jira)" <ji...@apache.org> on 2019/09/27 09:30:00 UTC

[jira] [Updated] (AIRFLOW-5562) Skip grant single DAG permissions for Admin role

     [ https://issues.apache.org/jira/browse/AIRFLOW-5562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Liu Xuesi updated AIRFLOW-5562:
-------------------------------
    Description: 
From AIRFLOW-2267, there is a function named *update_admin_perm_view* that refreshes admin permissions and then adds ALL permissions to the Admin role.

But DAG-level access makes each DAG a MenuView, and these views will be granted to the Admin role. As the Admin role already has access to *all_dags*, these permissions actually make the Admin role's permissions more chaotic.

In my project, it is hard to check permissions in the web UI, and this actually leads to some performance issues.

 

  was:
From [AIRFLOW-2267], there is a function named *update_admin_perm_view* that refreshes admin permissions and then adds ALL permissions to the Admin role.

But DAG-level access makes each DAG a MenuView, and these views will be granted to the Admin role. As the Admin role already has access to *all_dags*, these permissions actually make the Admin role's permissions more chaotic.

In my project, it is hard to check permissions in the web UI, and this actually leads to some performance issues.

 


> Skip grant single DAG permissions for Admin role
> ------------------------------------------------
>
>                 Key: AIRFLOW-5562
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-5562
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.10.3, 1.10.4, 1.10.5
>            Reporter: Liu Xuesi
>            Priority: Major
>              Labels: security, security-groups
>         Attachments: admin_permission_full_of_dags.jpg
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> From AIRFLOW-2267, there is a function named *update_admin_perm_view* that refreshes admin permissions and then adds ALL permissions to the Admin role.
> But DAG-level access makes each DAG a MenuView, and these views will be granted to the Admin role. As the Admin role already has access to *all_dags*, these permissions actually make the Admin role's permissions more chaotic.
> In my project, it is hard to check permissions in the web UI, and this actually leads to some performance issues.
>  


