Blizzke opened a new issue, #42214:
URL: https://github.com/apache/airflow/issues/42214

   ### Apache Airflow version
   
   Other Airflow 2 version (please specify below)
   
   ### If "Other Airflow 2 version" selected, which one?
   
   2.9.3
   
   ### What happened?
   
   We are trying to limit access to some DAGs and have been trying an example 
that comes verbating from the documentation  and that doesn't work:
   ```
   DAG(
       dag_id="example_fine_grained_access",
       start_date=pendulum.datetime(2021, 1, 1, tz="UTC"),
       access_control={
           "Viewer": {"DAGs": {"can_edit", "can_read", "can_delete"}, "DAG 
Runs": {"can_create"}},
       },
   )
   ```
   (taken from 
[here](https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/access-control.html))
   
   During debugging, `_upgrade_outdated_dag_access_control` was encountered, 
and more specific this little gem:
   ```
           updated_access_control = {}
           for role, perms in access_control.items():
               updated_access_control[role] = {new_perm_mapping.get(perm, perm) 
for perm in perms}
   ```
   Which "translates" the permissions specified originally into 
   ```
   {'Viewer': {'DAG Runs', 'DAGs'}}
   ```
   + a warning.
   
   ### What you think should happen instead?
   
   The Viewer role should get "can_edit/read on 
DAG:example_fine_grained_access" and "can_create on DAG 
Run:example_fine_grained_access".
   
   ### How to reproduce
   
   Use the example from the documentation. 
   
   ### Operating System
   
   Linux
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Docker-Compose
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to