Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 5694E200CC8 for ; Fri, 14 Jul 2017 22:50:05 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 5509A16E6F4; Fri, 14 Jul 2017 20:50:05 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 9D00D16E6F2 for ; Fri, 14 Jul 2017 22:50:04 +0200 (CEST) Received: (qmail 33947 invoked by uid 500); 14 Jul 2017 20:50:03 -0000 Mailing-List: contact commits-help@airflow.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airflow.incubator.apache.org Delivered-To: mailing list commits@airflow.incubator.apache.org Received: (qmail 33938 invoked by uid 99); 14 Jul 2017 20:50:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Jul 2017 20:50:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 56E1DC00B6 for ; Fri, 14 Jul 2017 20:50:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id v1lZLNUsihRK for ; Fri, 14 Jul 2017 20:50:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 022975FD18 for ; Fri, 14 Jul 2017 20:50:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 94463E0D51 for ; Fri, 14 Jul 2017 20:50:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 3854524760 for ; Fri, 14 Jul 2017 20:50:00 +0000 (UTC) Date: Fri, 14 Jul 2017 20:50:00 +0000 (UTC) From: "Chris Riccomini (JIRA)" To: commits@airflow.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (AIRFLOW-85) Create DAGs UI MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 14 Jul 2017 20:50:05 -0000 [ https://issues.apache.org/jira/browse/AIRFLOW-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16088037#comment-16088037 ] Chris Riccomini commented on AIRFLOW-85: ---------------------------------------- Latest proposal on this is here: https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+RBAC+proposal Pre-req to doing this work is to convert Airflow to Flask app builder, per discussion here: https://www.mail-archive.com/dev@airflow.incubator.apache.org/msg02946.html > Create DAGs UI > -------------- > > Key: AIRFLOW-85 > URL: https://issues.apache.org/jira/browse/AIRFLOW-85 > Project: Apache Airflow > Issue Type: Bug > Components: security, ui > Reporter: Chris Riccomini > > Airflow currently provides only an {{/admin}} UI interface for the webapp. This UI provides three distinct roles: > * Admin > * Data profiler > * None > In addition, Airflow currently provides the ability to log in, either via a secure proxy front-end, or via LDAP/Kerberos, within the webapp. > We run Airflow with LDAP authentication enabled. This helps us control access to the UI. However, there is insufficient granularity within the UI. We would like to be able to grant users the ability to: > # View their DAGs, but no one else's. > # Control their DAGs, but no one else's. > This is not possible right now. You can take away the ability to access the connections and data profiling tabs, but users can still see all DAGs, as well as control the state of the DB by clearing any DAG status, etc. -- This message was sent by Atlassian JIRA (v6.4.14#64029)