[jira] [Commented] (AIRFLOW-85) Create DAGs UI

Fri, 23 Mar 2018 01:20:55 -0700 

    [ 
https://issues.apache.org/jira/browse/AIRFLOW-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16410976#comment-16410976
 ] 

ASF subversion and git services commented on AIRFLOW-85:
--------------------------------------------------------

Commit 05e1861e24de42f9a2c649cd93041c5c744504e1 in incubator-airflow's branch 
refs/heads/master from Joy Gao
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=05e1861 ]

[AIRFLOW-1433][AIRFLOW-85] New Airflow Webserver UI with RBAC support

Closes #3015 from jgao54/rbac


> Create DAGs UI
> --------------
>
>                 Key: AIRFLOW-85
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-85
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>            Reporter: Chris Riccomini
>            Assignee: Joy Gao
>            Priority: Major
>             Fix For: 1.10.0
>
>
> Airflow currently provides only an {{/admin}} UI interface for the webapp. 
> This UI provides three distinct roles:
>  * Admin
>  * Data profiler
>  * None
> In addition, Airflow currently provides the ability to log in, either via a 
> secure proxy front-end, or via LDAP/Kerberos, within the webapp.
> We run Airflow with LDAP authentication enabled. This helps us control access 
> to the UI. However, there is insufficient granularity within the UI. We would 
> like to be able to grant users the ability to:
>  # View their DAGs, but no one else's.
>  # Control their DAGs, but no one else's.
> This is not possible right now. You can take away the ability to access the 
> connections and data profiling tabs, but users can still see all DAGs, as 
> well as control the state of the DB by clearing any DAG status, etc.
>  
> (From Airflow-1443)
> The authentication capabilities in the [RBAC design 
> proposal|https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+RBAC+proposal]
>  introduces a significant amount of work that is otherwise already built-in 
> in existing frameworks.
> Per [community 
> discussion|https://www.mail-archive.com/[email protected]/msg02946.html],
>  Flask-AppBuilder (FAB) is the best fit for Airflow as a foundation to 
> implementing RBAC. This will support integration with different 
> authentication backends out-of-the-box, and generate permissions for views 
> and ORM models that will simplify view-level and dag-level access control.
> This implies modifying the current flask views, and deprecating the current 
> Flask-Admin in favor of FAB's crud.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to