airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (Jira)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-5562) Skip grant single DAG permissions for Admin role
Date Sat, 14 Dec 2019 01:29:00 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-5562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16996051#comment-16996051
] 

ASF subversion and git services commented on AIRFLOW-5562:
----------------------------------------------------------

Commit 85ad1900f0d7ee773a9a38c49a14c5717a00c4cc in airflow's branch refs/heads/v1-10-test
from Liu Xuesi
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=85ad190 ]

[AIRFLOW-5562] Skip grant single DAG permissions for Admin role. (#6199)

* [AIRFLOW-5562] Skip grant single DAG permissions for Admin role.

- Admin role have all permissions so it does not need to be re-authorized.
- Too many permissions for role is not good for view and performance.

* [AIRFLOW-5562] Fix typo in last change.

(cherry picked from commit d800ed66320e45c5bcf6782176553ceb82050011)


> Skip grant single DAG permissions for Admin role
> ------------------------------------------------
>
>                 Key: AIRFLOW-5562
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-5562
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.10.3, 1.10.4, 1.10.5
>            Reporter: Liu Xuesi
>            Assignee: Liu Xuesi
>            Priority: Major
>              Labels: security, security-groups
>             Fix For: 1.10.7
>
>         Attachments: admin_permission_full_of_dags.jpg
>
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> From AIRFLOW-2267,there is a function named *update_admin_perm_view* will refresh admin
permission then add ALL permission to Admin role.
> But, DAG level access make each DAG a MenuView, these views will be grant to Admin role.
As Admin role already have access to *all_dags*, these permissions actually make Admin role's
permission more chaotic.
> In my project, it is hard to check permissions in webUI and actually this lead to some
performance issues.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message