[
https://issues.apache.org/jira/browse/AIRFLOW-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877525#comment-16877525
]
Ash Berlin-Taylor commented on AIRFLOW-4888:
--------------------------------------------
[~TaoFeng] [~XD-DENG] We were discussing this a few months ago. Do you have
thoughts on how best to handle it? I can make the permissions migrations work
if we think it's the way to go.
> Add migration system for adding RBAC permissions to existing roles
> ------------------------------------------------------------------
>
> Key: AIRFLOW-4888
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4888
> Project: Apache Airflow
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.0
> Reporter: Ash Berlin-Taylor
> Priority: Major
> Labels: permissions
>
> In our clusters we don't allow any users to be Admin, so we use the Op, User
> and Viewer roles. It turns out that these roles are missing the
> {{can_dagrun_success}} and {{can_dagrun_failure}} permissions.
> Fixing this for new installs is easy, but due to AIRFLOW-3271
> (https://github.com/apache/airflow/pull/4118) we won't alter the roles if
> they already exist, so having some mechanism for adding permissions to roles
> via migrations might be useful.
> As a palyground I started working on
> https://gist.github.com/ashb/f43741740fb0eae59948d52634cda575 - I'm not sure
> if this is too complex or not. (It's also not a complete solution yet)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
