Blizzke opened a new issue, #42214:
URL: https://github.com/apache/airflow/issues/42214
### Apache Airflow version
Other Airflow 2 version (please specify below)
### If "Other Airflow 2 version" selected, which one?
2.9.3
### What happened?
We are trying to limit access to some DAGs and have been trying an example
that comes verbating from the documentation and that doesn't work:
```
DAG(
dag_id="example_fine_grained_access",
start_date=pendulum.datetime(2021, 1, 1, tz="UTC"),
access_control={
"Viewer": {"DAGs": {"can_edit", "can_read", "can_delete"}, "DAG
Runs": {"can_create"}},
},
)
```
(taken from
[here](https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/access-control.html))
During debugging, `_upgrade_outdated_dag_access_control` was encountered,
and more specific this little gem:
```
updated_access_control = {}
for role, perms in access_control.items():
updated_access_control[role] = {new_perm_mapping.get(perm, perm)
for perm in perms}
```
Which "translates" the permissions specified originally into
```
{'Viewer': {'DAG Runs', 'DAGs'}}
```
+ a warning.
### What you think should happen instead?
The Viewer role should get "can_edit/read on
DAG:example_fine_grained_access" and "can_create on DAG
Run:example_fine_grained_access".
### How to reproduce
Use the example from the documentation.
### Operating System
Linux
### Versions of Apache Airflow Providers
_No response_
### Deployment
Docker-Compose
### Deployment details
_No response_
### Anything else?
_No response_
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
