GitHub user eanikindfi closed a discussion: Airflow RBAC DAG-level permissions (3.0.1)
I am trying to make DAG-level permissions for my roles and I have a question: I have 2 roles, both attached to an user. Their permissions: `[can read on Website, menu access on Configurations, menu access on DAGs, menu access on DAG Runs, menu access on DAG Dependencies, menu access on Task Instances, menu access on Task Logs, can read on Configurations, can read on Task Instances, can read on Task Logs, can read on DAG Runs, can read on DAG Code, can read on DAG Dependencies, can read on DAG Versions, can read on DAG Warnings]` and `[can read on Website, can edit on DAGs, can read on DAG Run:my_dag_test_1, can edit on DAG Run:my_dag_test_1, can create on DAG Run:my_dag_test_1, can read on DAG:my_dag_test_1, can edit on DAG:my_dag_test_1]` As you can see this user doesn't have `can read on DAGs` permission. But they has `can read on DAG:my_dag_test_1`. I've thought that with this set of permissions they will see only `my_dag_test_1` on page `/dags`. But unfortunately they do not see any of the dags. According to documentation access to `/dags` is granted only with permission `can read on DAGs`. Btw a page `/dags/my_dag_test_1` is working fine, but you need to find it manually (you can not access it from `/dags` because you can't see it there). If I add `can read on DAGs` permission user can see ALL dags in `/dags` (also can click them and watch info inside). But I want to create a RBAC model when users have access only to specific dags AND can access them from the list `/dags` page without `can read on DAGs` permission. They should see only specific dags on `/dags` page. Is it possible in 3.0.1 or am I doing something wrong? Please help :) GitHub link: https://github.com/apache/airflow/discussions/53070 ---- This is an automatically sent email for commits@airflow.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@airflow.apache.org
