Hi Robert, Thanks for reaching out. There is a proposal to support multi team in Airflow in general (and not only to variables). You can see this AIP here: https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-67+Multi-team+deployment+of+Airflow+components. I think this should address what you are trying to achieve here. Please have a read and let us know.
This proposal has been voted already but has not started yet. The plan was to get Airflow out (which is soon) and then start to work on it. Vincent On 2025/04/16 18:07:56 Robert Sanders wrote: > Hello Apache Airflow Dev Community, > > Hope you are all doing well! I wanted to start a thread to get some feedback > about an Airflow Improvement Proposal that our organization thought would be > helpful: > > Motivation > Many companies require strict access control and segregation of data for > security and compliance purposes. In Apache Airflow, while DAG-level > permissions exist, similar controls are not available for Variables. This > lack of granular control poses a risk as different internal teams might > inadvertently or intentionally access and view Variables belonging to other > teams. This can potentially expose sensitive information or configurations. > To address this, a feature request is made to introduce Role-Based Access > Control (RBAC) for Variables, enabling companies to enforce permissions and > ensure that internal teams cannot view each other's Variables. > > Proposed Changes > Introduce permissions for Variables to allow authorization of specific roles > for access. This would include permissions to read, edit, and delete > Variables. > > Example > Variable: `team_a_database_credentials` > Role > Permission > Team A Lead > `can_read`, `can_edit`, `can_delete` > Team A Member > `can_read` > Team B Member > None > > Variable: `team_b_api_key` > Role > Permission > Team B Lead > `can_read`, `can_edit`, `can_delete` > Team B Member > `can_read` > Team A Member > None > > Let us know your thoughts and if you feel this would be beneficial. > > Thank you, > > [LogoDescription automatically generated] > Robert Sanders > Senior Assistant Vice President, Data & Analytics > > e: > > robert.sand...@exlservice.com<mailto:robert.sand...@exlservice.com> > l: > > https://www.linkedin.com/in/robert-sanders-cs/ > > > > > > Follow us on LinkedIn<https://www.linkedin.com/company/exl-service/> > > > www.EXLservice.com<http://www.EXLservice.com> > > > > > > We make sense of data to drive your business forward. > > > This e-mail and any attachments hereto including any file or documents > (collectively or severally, the "Attachments") sent with it are intended > solely for the named recipient(s) or person(s) or entity(ies) to whom they > are addressed. This e-mail (including all its contents including the > Attachment/s) is highly confidential and may be privileged; it may contain > confidential and proprietary business information of ExlService Holdings, > Inc. and / or its affiliates ("Exl") and/ or any of its clients/ partners. If > you are not an intended recipient or if you have received this e-mail > erroneously, please notify us / the sender immediately by replying to the > e-mail and please delete the e-mail and any original message (including all > the appended Attachments) immediately from your system / device. You should > not access / read, or disclose, any of the contents of this e-mail or > Attachment, to any person, or use this e-mail, its contents or Attachment for > any purpose whatsoever. Unauthorized use, copying or further full or partial > distribution or disclosure of this e-mail or its contents or Attachment is > strictly prohibited. Further do not store or copy any content of this e-mail > or Attachment in any medium or in any form or manner whatsoever. Any review, > retransmission, dissemination, disclosure, storage or any other use of or > dealing in including without limitation taking copies of, or taking any > action in reliance upon, the information contained here-in by any person or > entity other than intended recipients is strictly prohibited. Exl and/ or its > affiliates reserve all rights including under law or equity to take > appropriate action including without limitation, seeking injunctive relief > and claim for damages from unauthorized user/s. While this e-mail and any > Attachment are believed to be free of any virus or other malicious content, > it is the sole responsibility of the recipient to ensure that it is virus > free. Exl and / or its affiliates are not liable for any loss, liability or > damage arising in any way from the receipt or use of this e-mail or its > Attachment. This email does not constitute an agreement to conduct > transactions by electronic means and does not create any legally binding > contract or enforceable obligation in the absence of a fully signed written > contract. > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@airflow.apache.org For additional commands, e-mail: dev-h...@airflow.apache.org
