davido912 opened a new issue #13891: URL: https://github.com/apache/airflow/issues/13891
Previous versions (before 2.0) allowed for granular can_edit DAG permissions so that different user groups can trigger different DAGs and access control is more specific. Since 2.0 it seems that this does not work as expected. How to reproduce: Create a copy of the VIEWER role, try adding it can dag edit on a specific DAG. **Expected Result:** user can trigger said DAG. **Actual Result:** user access is denied. It seems to be a new parameter was added: **can create on DAG runs** and without it the user cannot run DAGs, however, with it, the user can run all DAGs without limitations and I believe this is an unintended use. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
