vincbeck commented on issue #57966: URL: https://github.com/apache/airflow/issues/57966#issuecomment-3571803446
> [@vincbeck](https://github.com/vincbeck) maybe its time to build a full permissions endpoint? I already added my comments in #58292 so please take a look for more details but building a full permissions endpoint is hard because there is no longer notion of roles and permissions in Airflow, everything is delegated to the auth manager. We can easily ask the auth manager "whether this user is allowed to do action X on resource Y" but we cannot ask "give me all the permissions this user has". Plus, to take this exact same example, how to handle fine grained access? Let's say a user can only trigger the Dag "test". How would you retrieve this kind of information in an endpoint and then use it to enable/disable the button on the front-end? I find it very hard. One possible solution would be to either use existing endpoints or creating new ones (preferably creating new ones) to check whether the user is allowed to call a given API. Example: - We expose a new endpoint `OPTIONS /dags/{dag_id}/dagRuns`. This endpoint returns whether the user is allowed to perform this action - The front-end calls this new endpoint and enable/disable the button from its response The downside of this solution is we need to create many new endpoints, even though the implementation of these endpoints would be pretty thin. @pierrejeambrun -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
