[
https://issues.apache.org/jira/browse/AIRFLOW-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877956#comment-16877956
]
Xiaodong DENG commented on AIRFLOW-4888:
----------------------------------------
[~ash] not sure if I get your point completely. But
https://issues.apache.org/jira/browse/AIRFLOW-3271 is fixed by
[https://github.com/apache/airflow/pull/4118] and released in 1.10.2 (and RBAC
is only generally available from 1.10.0 if I'm not wrong), meaning from 1.10.2,
users are able to edit permissions in UI and the changes would persist. Why
should we provide separate migration tool? Or is there more specific scenario?
> Add migration system for adding RBAC permissions to existing roles
> ------------------------------------------------------------------
>
> Key: AIRFLOW-4888
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4888
> Project: Apache Airflow
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.0
> Reporter: Ash Berlin-Taylor
> Priority: Major
> Labels: permissions
>
> In our clusters we don't allow any users to be Admin, so we use the Op, User
> and Viewer roles. It turns out that these roles are missing the
> {{can_dagrun_success}} and {{can_dagrun_failure}} permissions.
> Fixing this for new installs is easy, but due to AIRFLOW-3271
> (https://github.com/apache/airflow/pull/4118) we won't alter the roles if
> they already exist, so having some mechanism for adding permissions to roles
> via migrations might be useful.
> As a palyground I started working on
> https://gist.github.com/ashb/f43741740fb0eae59948d52634cda575 - I'm not sure
> if this is too complex or not. (It's also not a complete solution yet)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
