[jira] [Commented] (AIRFLOW-85) Create DAGs UI

Thu, 08 Feb 2018 11:43:17 -0800 

    [ 
https://issues.apache.org/jira/browse/AIRFLOW-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16357471#comment-16357471
 ] 

Joy Gao commented on AIRFLOW-85:
--------------------------------

Closed AIRFLOW-1433 as dupe since the FAB work will directly fix the issue 
here. 

> Create DAGs UI
> --------------
>
>                 Key: AIRFLOW-85
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-85
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>            Reporter: Chris Riccomini
>            Assignee: Joy Gao
>            Priority: Major
>
> Airflow currently provides only an {{/admin}} UI interface for the webapp. 
> This UI provides three distinct roles:
>  * Admin
>  * Data profiler
>  * None
> In addition, Airflow currently provides the ability to log in, either via a 
> secure proxy front-end, or via LDAP/Kerberos, within the webapp.
> We run Airflow with LDAP authentication enabled. This helps us control access 
> to the UI. However, there is insufficient granularity within the UI. We would 
> like to be able to grant users the ability to:
>  # View their DAGs, but no one else's.
>  # Control their DAGs, but no one else's.
> This is not possible right now. You can take away the ability to access the 
> connections and data profiling tabs, but users can still see all DAGs, as 
> well as control the state of the DB by clearing any DAG status, etc.
>  
> From Airflow-1443:
> The authentication capabilities in the RBAC design proposal introduces a 
> significant amount of work that is otherwise already built-in in existing 
> frameworks.
> Per community discussion, Flask-AppBuilder (FAB) is the best fit for Airflow 
> as a foundation to implementing RBAC. This will support integration with 
> different authentication backends out-of-the-box, and generate permissions 
> for views and ORM models that will simplify view-level and dag-level access 
> control.
> This implies modifying the current flask views, and deprecating the current 
> Flask-Admin in favor of FAB's crud.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to