You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@airflow.apache.org by Thomas Weise <th...@apache.org> on 2017/04/04 00:42:51 UTC
Re: Airflow user management
I was able to set a password from the command line, now I can login with
the user that was created through the UI.
Filtering by owner doesn't work though. I confirmed that the user also has
superuser = False, but still it can see DAGs of other users.
Any suggestions what to look for?
I tried to put some debug statements into www/views.py but they don't see
to take effect. How do I rebuild the installation (under
/usr/local/lib/python2.7/dist-packages/airflow) after making changes?
Thanks
On Fri, Mar 31, 2017 at 3:10 PM, Thomas Weise <th...@apache.org> wrote:
> Hi,
>
> I would like to create a few users that only can see their respective DAGs
> and have no global access like user administration.
> I have enabled password authentication and created the initial user as
> instructed here:
>
> https://airflow.incubator.apache.org/security.html?
> highlight=multi%20tenancy#web-authentication
>
> My airflow.cfg has the following settings:
>
> # Set to true to turn on authentication:
>
> # http://pythonhosted.org/airflow/security.html#web-authentication
>
> authenticate = True
>
> auth_backend = airflow.contrib.auth.backends.password_auth
>
> # Filter the list of dags by owner name (requires authentication to be
> enabled)
>
> filter_by_owner = True
>
> The (admin?) user that I created will after login see all DAGs (even
> though filtering was enabled) and is able to create other users. However,
> while creating new users through the UI, there seems to be no way to
> specify a password?
>
> Thanks,
>
> Thomas
>
>
>
Re: Airflow user management
Posted by Thomas Weise <th...@apache.org>.
Hi,
I finally found that with username/password authentication, the superuser
setting in the database is ignored and everyone is a superuser... See diff
below after which the filtering behaves as expected.
Thanks
*diff --git a/airflow/contrib/auth/backends/password_auth.py
b/airflow/contrib/auth/backends/password_auth.py*
*index 000b9861..7fe00197 100644*
*--- a/airflow/contrib/auth/backends/password_auth.py*
*+++ b/airflow/contrib/auth/backends/password_auth.py*
@@ -89,7 +89,7 @@ class PasswordUser(models.User):
def is_superuser(self):
'''Access all the things'''
- return True
+ return False
On Mon, Apr 3, 2017 at 5:42 PM, Thomas Weise <th...@apache.org> wrote:
> I was able to set a password from the command line, now I can login with
> the user that was created through the UI.
>
> Filtering by owner doesn't work though. I confirmed that the user also has
> superuser = False, but still it can see DAGs of other users.
>
> Any suggestions what to look for?
>
> I tried to put some debug statements into www/views.py but they don't see
> to take effect. How do I rebuild the installation (under
> /usr/local/lib/python2.7/dist-packages/airflow) after making changes?
>
> Thanks
>
>
> On Fri, Mar 31, 2017 at 3:10 PM, Thomas Weise <th...@apache.org> wrote:
>
>> Hi,
>>
>> I would like to create a few users that only can see their respective
>> DAGs and have no global access like user administration.
>> I have enabled password authentication and created the initial user as
>> instructed here:
>>
>> https://airflow.incubator.apache.org/security.html?highlight
>> =multi%20tenancy#web-authentication
>>
>> My airflow.cfg has the following settings:
>>
>> # Set to true to turn on authentication:
>>
>> # http://pythonhosted.org/airflow/security.html#web-authentication
>>
>> authenticate = True
>>
>> auth_backend = airflow.contrib.auth.backends.password_auth
>>
>> # Filter the list of dags by owner name (requires authentication to be
>> enabled)
>>
>> filter_by_owner = True
>>
>> The (admin?) user that I created will after login see all DAGs (even
>> though filtering was enabled) and is able to create other users. However,
>> while creating new users through the UI, there seems to be no way to
>> specify a password?
>>
>> Thanks,
>>
>> Thomas
>>
>>
>>
>