feng-tao edited a comment on issue #4642: [AIRFLOW-2694] Declare permissions in DAG definition URL: https://github.com/apache/airflow/pull/4642#issuecomment-469981324 There are so many different discussions today. Here is another long list(https://github.com/apache/airflow/pull/4569). @astahlman , ideally we should, and that is part of original plan / discussion for DAG level access(https://github.com/apache/airflow/pull/3197). We(Me, Max, Joy) discussed multiple approaches for scheduler auto updated within that pr: 1. moved all the FAB models inside Airflow model, which scheduler is aware of the FAB models. And scheduler could directly update the tables in this case. Not a very ideal approach as it will fail once FAB models get updated which requires Airflow updated the model file as well. But ideally it should work with this approach. 2. RBAC is strictly a web construct(Max B's term) which means scheduler is unaware of roles & users, maybe as the supervisor it periodically calls a REST endpoint to trigger creating new perms from new DAGs. This approach has latency / performance concern. We(that pr) end up with create a cli for periodically sync_perm. Not sure how @ashb's approach would work by adding two columns in DAG table given there are no Airflow models defined what are "roles"(only exist in FAB models). The role column I assume should be some FK to the ab_roles table. Not sure what I described makes sense to you.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services