zpinto opened a new issue, #23232: URL: https://github.com/apache/airflow/issues/23232
### Description Currently, Airflow allows the use of a custom security manager for auth within the web application. The custom security manager class is typically declared in the webserver_config.py and dynamically imported and used by flask_appbuilder when the web application starts. Outside of the web application, the Airflow Scheduler(specifically DagBag) uses [ApplessAirflowSecurityManager](https://github.com/apache/airflow/blob/98d52af7074e9a82457515588bdf9cdd6de70f35/airflow/models/dagbag.py#L659) which is a subclass of [AirflowSecurityManager](https://github.com/apache/airflow/blob/98d52af7074e9a82457515588bdf9cdd6de70f35/airflow/www/security.py#L672) and not the custom security manager. This makes it impossible(without monkey patching) to override the logic for `sync_perm_for_dag`. I would like to override this method called by DagBag to implicitly create roles defined in a DAGs `access_control` dict based on some custom logic. I believe a possible approach to allowing DagBag to use a custom ApplessAirflowSecurityManager would be to add a config to `[core]` called something like `appless_security_manager_class` which declares the class. Then, replace the import of ApplessAirflowSecurityManager with a dynamic import of the custom security manager(if specified) similar to the way it is done for the [web application](https://github.com/apache/airflow/blob/98d52af7074e9a82457515588bdf9cdd6de70f35/airflow/www/extensions/init_appbuilder.py#L200). ### Use case/motivation I would like to override the `sync_perm_for_dag` method called by DagBag to implicitly create roles defined in a DAGs `access_control` dict based on some custom logic. This cannot currently be done because DagBag does not use the same custom security manager as the Airflow web application. ### Related issues _No response_ ### Are you willing to submit a PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
