[ https://issues.apache.org/jira/browse/AIRFLOW-3949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16778483#comment-16778483 ]
Tao Feng commented on AIRFLOW-3949: ----------------------------------- I don't think this is an issue in this case. > Users should only see the DAGs to which he/she has > "can_dag_view"/"can_dag_edit" permission in the landing page > --------------------------------------------------------------------------------------------------------------- > > Key: AIRFLOW-3949 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3949 > Project: Apache Airflow > Issue Type: Bug > Components: ui > Reporter: Xiaodong DENG > Assignee: Tao Feng > Priority: Major > > In the current master branch > ([https://github.com/apache/airflow/commit/bfa81b53597907ed58b2e01a69ba9fd52ce4a7b9)] > and 1.10.2, the DAG-level access control feature is already there. > According to Feng Tao, in his initial implementation, users aren't able to > see the DAGs to which he/she doesn't have access. But in the testing I have > done, seems I can still see all the DAGs as a role "User" after I have > removed the "can_dag_view on all_dags" and "can_dag_edit on all_dags" from > role "User". > > (The testing was done using the "built-in" sample DAGs only) -- This message was sent by Atlassian JIRA (v7.6.3#76005)