[ https://issues.apache.org/jira/browse/AIRFLOW-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877984#comment-16877984 ]
Tao Feng commented on AIRFLOW-4888: ----------------------------------- [~ash] I vaguely remembered the issue was due to the fact that I changed the permission for the default roles?I assume if we are going to make a migration script, it is mostly for migration from old 1.10 setup to 1.10.2/1.10.3? The only concern is that RBAC model has many different tables. I am not sure how easily to cover it in a migration script. And should we move the model files inside airflow as well? If you feel it is not complicated, I am +1 for the migration script. > Add migration system for adding RBAC permissions to existing roles > ------------------------------------------------------------------ > > Key: AIRFLOW-4888 > URL: https://issues.apache.org/jira/browse/AIRFLOW-4888 > Project: Apache Airflow > Issue Type: Bug > Components: core > Affects Versions: 2.0.0 > Reporter: Ash Berlin-Taylor > Priority: Major > Labels: permissions > > In our clusters we don't allow any users to be Admin, so we use the Op, User > and Viewer roles. It turns out that these roles are missing the > {{can_dagrun_success}} and {{can_dagrun_failure}} permissions. > Fixing this for new installs is easy, but due to AIRFLOW-3271 > (https://github.com/apache/airflow/pull/4118) we won't alter the roles if > they already exist, so having some mechanism for adding permissions to roles > via migrations might be useful. > As a palyground I started working on > https://gist.github.com/ashb/f43741740fb0eae59948d52634cda575 - I'm not sure > if this is too complex or not. (It's also not a complete solution yet) -- This message was sent by Atlassian JIRA (v7.6.3#76005)