This is an automated email from the ASF dual-hosted git repository.
jedcunningham pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 4a1d040973 Minor fixup for custom FAB permission consistency warning
(#39469)
4a1d040973 is described below
commit 4a1d04097348d73cc3399e86c3b44a21b098bead
Author: Jed Cunningham <[email protected]>
AuthorDate: Tue May 7 16:00:25 2024 -0400
Minor fixup for custom FAB permission consistency warning (#39469)
---
.../auth-manager/access-control.rst | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/apache-airflow-providers-fab/auth-manager/access-control.rst
b/docs/apache-airflow-providers-fab/auth-manager/access-control.rst
index d7cca5c985..4d5637d40d 100644
--- a/docs/apache-airflow-providers-fab/auth-manager/access-control.rst
+++ b/docs/apache-airflow-providers-fab/auth-manager/access-control.rst
@@ -110,16 +110,16 @@ Permissions
.. warning::
- Airflow allows to define custom Roles with fine-grained RBAC permissions for
the users. However,
- there is no mechanism to make sure that the set of permissions assigned is
fully consistent and not all
- combinations of permissions are fully consistent. There are a number of
cases where permissions for
- particular resources are overlapping. Good examples are menu access
permissions - lack of menu access
- does not automatically disable access to functionality they are pointing at.
Another examples is access to
- Role views - which allows to access User information even if the user does
not have "user view" access.
- It is simply inconsistent to add access to Roles where you have no access to
users.
-
- When you decide to use custom set of resource-based permissions, the
Deployment Manager should carefully
- review if the final set of permissions granted to the roles is what they
expect.
+ Airflow allows you to define custom Roles with fine-grained RBAC permissions
for users. However, not all
+ combinations of permissions are fully consistent, and there is no mechanism
to make sure that the set of
+ permissions assigned is fully consistent. There are a number of cases where
permissions for
+ particular resources are overlapping. A good example is menu access
permissions - a lack of menu access
+ does not automatically disable access to the functionality the menu is
pointing at. Another example is access
+ to the Role view, which allows access to User information even if the user
does not have "user view" access.
+ It is simply inconsistent to add access to Roles when you have no access to
users.
+
+ When you decide to use a custom set of resource-based permissions, the
Deployment Manager should carefully
+ review if the final set of permissions granted to roles is what they expect.
Resource-Based permissions
