You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/10/30 01:31:00 UTC

[jira] [Commented] (AIRFLOW-5562) Skip grant single DAG permissions for Admin role

    [ https://issues.apache.org/jira/browse/AIRFLOW-5562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16962601#comment-16962601 ] 

ASF subversion and git services commented on AIRFLOW-5562:
----------------------------------------------------------

Commit d800ed66320e45c5bcf6782176553ceb82050011 in airflow's branch refs/heads/master from Liu Xuesi
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=d800ed6 ]

[AIRFLOW-5562] Skip grant single DAG permissions for Admin role. (#6199)

* [AIRFLOW-5562] Skip grant single DAG permissions for Admin role.

- Admin role have all permissions so it does not need to be re-authorized.
- Too many permissions for role is not good for view and performance.

* [AIRFLOW-5562] Fix typo in last change.


> Skip grant single DAG permissions for Admin role
> ------------------------------------------------
>
>                 Key: AIRFLOW-5562
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-5562
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.10.3, 1.10.4, 1.10.5
>            Reporter: Liu Xuesi
>            Assignee: Liu Xuesi
>            Priority: Major
>              Labels: security, security-groups
>             Fix For: 1.10.7
>
>         Attachments: admin_permission_full_of_dags.jpg
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> From AIRFLOW-2267，there is a function named *update_admin_perm_view* will refresh admin permission then add ALL permission to Admin role.
> But, DAG level access make each DAG a MenuView, these views will be grant to Admin role. As Admin role already have access to *all_dags*, these permissions actually make Admin role's permission more chaotic.
> In my project, it is hard to check permissions in webUI and actually this lead to some performance issues.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)