[jira] [Resolved] (AIRFLOW-85) Create DAGs UI

Fri, 23 Mar 2018 01:20:59 -0700 

     [ 
https://issues.apache.org/jira/browse/AIRFLOW-85?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bolke de Bruin resolved AIRFLOW-85.
-----------------------------------
       Resolution: Fixed
    Fix Version/s: 1.10.0

Issue resolved by pull request #3015
[https://github.com/apache/incubator-airflow/pull/3015]

> Create DAGs UI
> --------------
>
>                 Key: AIRFLOW-85
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-85
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>            Reporter: Chris Riccomini
>            Assignee: Joy Gao
>            Priority: Major
>             Fix For: 1.10.0
>
>
> Airflow currently provides only an {{/admin}} UI interface for the webapp. 
> This UI provides three distinct roles:
>  * Admin
>  * Data profiler
>  * None
> In addition, Airflow currently provides the ability to log in, either via a 
> secure proxy front-end, or via LDAP/Kerberos, within the webapp.
> We run Airflow with LDAP authentication enabled. This helps us control access 
> to the UI. However, there is insufficient granularity within the UI. We would 
> like to be able to grant users the ability to:
>  # View their DAGs, but no one else's.
>  # Control their DAGs, but no one else's.
> This is not possible right now. You can take away the ability to access the 
> connections and data profiling tabs, but users can still see all DAGs, as 
> well as control the state of the DB by clearing any DAG status, etc.
>  
> (From Airflow-1443)
> The authentication capabilities in the [RBAC design 
> proposal|https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+RBAC+proposal]
>  introduces a significant amount of work that is otherwise already built-in 
> in existing frameworks.
> Per [community 
> discussion|https://www.mail-archive.com/[email protected]/msg02946.html],
>  Flask-AppBuilder (FAB) is the best fit for Airflow as a foundation to 
> implementing RBAC. This will support integration with different 
> authentication backends out-of-the-box, and generate permissions for views 
> and ORM models that will simplify view-level and dag-level access control.
> This implies modifying the current flask views, and deprecating the current 
> Flask-Admin in favor of FAB's crud.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to