You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/01/06 10:38:09 UTC
[GitHub] [airflow] davido912 opened a new issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
davido912 opened a new issue #13511:
URL: https://github.com/apache/airflow/issues/13511
After having transitioned to Airflow 2.0 from previous versions where RBAC functioned fine, facing a new behaviour which I don't know if is expected.
When creating a new role instead of using VIEWER permissions as base, Airflow enforces same permissions as user, this results in not being able to set granular access control for specific DAGs.
Additional attempts were done editing the VIEWER role to grant it access to dag_edit on specific DAGs but it doesn't work as well. Any other permission is too permissive and grants full access to running DAGs to the role. Could not find anything in the documentation that would mean something is done wrong.
How to reproduce:
simply run the official helm chart on the repository, try creating a new role and after some time it will sync creating all the permissions similar to USER. Or, just try granting granular dag_edit permissions on a specific DAG and note that permission is still denied.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] kaxil commented on issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
kaxil commented on issue #13511:
URL: https://github.com/apache/airflow/issues/13511#issuecomment-765594067
cc @jhtimmins -- Can you take a look at this please when you have time.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] davido912 commented on issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
davido912 commented on issue #13511:
URL: https://github.com/apache/airflow/issues/13511#issuecomment-755441127
@kaxil
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] jhtimmins commented on issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
jhtimmins commented on issue #13511:
URL: https://github.com/apache/airflow/issues/13511#issuecomment-765808057
Yeah this should also be fixed by #13856, however the new behavior won't add any additional permissions to new roles except the ability to view the home page. Rather than replicating permissions from existing roles, you can assign multiple roles to a user.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] davido912 closed issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
davido912 closed issue #13511:
URL: https://github.com/apache/airflow/issues/13511
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] davido912 commented on issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
davido912 commented on issue #13511:
URL: https://github.com/apache/airflow/issues/13511#issuecomment-766833090
Closing this as the part where a role would be populated with USER permissions is fixed according to the above commit. However, one issue still persists and I opened a new issue for it.
https://github.com/apache/airflow/issues/13891
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] davido912 commented on issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
davido912 commented on issue #13511:
URL: https://github.com/apache/airflow/issues/13511#issuecomment-766833090
Closing this as the part where a role would be populated with USER permissions is fixed according to the above commit. However, one issue still persists and I opened a new issue for it.
https://github.com/apache/airflow/issues/13891
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] davido912 closed issue #13511: Default Airflow 2.0 RBAC unexpected behaviour
Posted by GitBox <gi...@apache.org>.
davido912 closed issue #13511:
URL: https://github.com/apache/airflow/issues/13511
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org