andreyolv commented on issue #29897:
URL: https://github.com/apache/airflow/issues/29897#issuecomment-2296580902
I also have this issue in version v2.9.1. In summary:
If the permissions 'can read on ImportError' and 'can read on DAG:test123'
are configured directly on the role, the user can see the import error of this
dag.
However, if the 'can read on ImportError' permission is configured in the
role and the access_control={"Role": {"can_read"}} permission is configured in
the dag test123, the user cannot see the import error of this dag.
I'm actually using dag_policy to mutate the access_control field, but I
don't think that matters in this case. Example:
```
owner_list = ["AAA", "BBB", "CCC"]
dag_owner = dag.owner.split(",")[0]
if not dag_owner in owner_list:
raise AirflowClusterPolicyViolation(
f"DAG {dag.dag_id} has no correct owner. A correct owner
{owner_list} is required."
)
else:
dag.access_control = {dag_owner: {"can_read"\, "can_edit"}}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
