[
https://issues.apache.org/jira/browse/AIRFLOW-4888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877984#comment-16877984
]
Tao Feng commented on AIRFLOW-4888:
-----------------------------------
[~ash] I vaguely remembered the issue was due to the fact that I changed the
permission for the default roles?I assume if we are going to make a migration
script, it is mostly for migration from old 1.10 setup to 1.10.2/1.10.3?
The only concern is that RBAC model has many different tables. I am not sure
how easily to cover it in a migration script. And should we move the model
files inside airflow as well? If you feel it is not complicated, I am +1 for
the migration script.
> Add migration system for adding RBAC permissions to existing roles
> ------------------------------------------------------------------
>
> Key: AIRFLOW-4888
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4888
> Project: Apache Airflow
> Issue Type: Bug
> Components: core
> Affects Versions: 2.0.0
> Reporter: Ash Berlin-Taylor
> Priority: Major
> Labels: permissions
>
> In our clusters we don't allow any users to be Admin, so we use the Op, User
> and Viewer roles. It turns out that these roles are missing the
> {{can_dagrun_success}} and {{can_dagrun_failure}} permissions.
> Fixing this for new installs is easy, but due to AIRFLOW-3271
> (https://github.com/apache/airflow/pull/4118) we won't alter the roles if
> they already exist, so having some mechanism for adding permissions to roles
> via migrations might be useful.
> As a palyground I started working on
> https://gist.github.com/ashb/f43741740fb0eae59948d52634cda575 - I'm not sure
> if this is too complex or not. (It's also not a complete solution yet)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
