[
https://issues.apache.org/jira/browse/AIRFLOW-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emanuele Palese updated AIRFLOW-1415:
-------------------------------------
Issue Type: Bug (was: Improvement)
> Add SuperUserMixin for the Variables CRUD access
> -------------------------------------------------
>
> Key: AIRFLOW-1415
> URL: https://issues.apache.org/jira/browse/AIRFLOW-1415
> Project: Apache Airflow
> Issue Type: Bug
> Components: ui
> Reporter: Emanuele Palese
>
> Only DataProfiling users are allowed to access the Variables CRUD view.
> SuperUsers (by definition) should be allowed to access all views without
> restrictions.
> Furthermore, DataProfiling grants access to the query tool. This tool allows
> users to use ANY connection defined. This is a potential security risk with
> connections that access data sources with different clearances.
> Suggested fix:
> Approach 1:
> In airflow.www.views change:
> {code}
> class VariableView(wwwutils.DataProfilingMixin, AirflowModelView):
> {code}
> with
> {code}
> class VariableView(wwwutils.SuperUserMixin, AirflowModelView):
> {code}
> Approach 2:
> create a new mixin that checks membership for both data profiling and super
> user
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
