You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Alec Taggart (JIRA)" <ji...@apache.org> on 2019/04/30 22:26:00 UTC

[jira] [Created] (AIRFLOW-4449) Default permissions for custom roles

Alec Taggart created AIRFLOW-4449:
-------------------------------------

             Summary: Default permissions for custom roles
                 Key: AIRFLOW-4449
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4449
             Project: Apache Airflow
          Issue Type: Bug
          Components: database, webserver
            Reporter: Alec Taggart
         Attachments: Custom role post default addition.png, Custom role pre default addition.png

By default, there are 4 core airflow user roles. These roles are well made and perform nicely. However, adding new custom roles seems to (by default) apply all "User" permissions to the new custom role. I attached some screen-shots showing custom roles being changed by the web server to include default "User" permissions. This is an issue as it prevents strict control of specific pipelines. At most, default permissions applied to custom roles should only include viewing privileges. This way the system admins can add read/edit/pause/etc. permissions for specific dags. 

 

I suggest changing the default permissions that are applied to all custom roles to a list of permissions similar to the "Viewer" role OR simply do not apply default permissions to custom roles and let admins handle assigning permissions or multiple custom roles to users. The latter is definitely the preferred functionality. 

Please note I am not suggesting a removal on the four base roles that come with airflow, simply different behavior when creating new roles. 

Below is a list of changed permissions to apply to custom roles if it is decided this is the best approach. (very similar to "Viewer" role) 

[can tries on Airflow, can graph on Airflow, can task on Airflow, can code on Airflow, can duration on Airflow, can landing times on Airflow, can pickle info on Airflow, can tree on Airflow, can rendered on Airflow, can gantt on Airflow, can blocked on Airflow, can task instances on Airflow, can log on Airflow, can index on Airflow, can dag stats on Airflow, can get logs with metadata on Airflow, can task stats on Airflow, can dag details on Airflow, can list on DagModelView, can show on DagModelView, can version on VersionView, can list on DagRunModelView, menu access on DAG Runs, menu access on Browse, can list on JobModelView, menu access on Jobs, can list on LogModelView, menu access on Logs, can list on SlaMissModelView, menu access on SLA Misses, can list on TaskInstanceModelView, menu access on Task Instances, menu access on Documentation, menu access on Docs, menu access on Version, menu access on About]

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)