You are correct that currently all DAGs can access all connections and 

The other thing to bear in mind: currently PythonOperators have an active 
connection to the metadata DB where connections are stored, so at best this is 
"co-operative" security, to prevent one team from accessing another team's 
connections, and not a hard barrier against an even mildly determined attacker.

As for the implementation of it: it would be worth looking to see if we can use 
the Permissions model built in to FAB (Flask App Builder) that we are using in 
the RBAC-based UI. This would allow for much more granular permissions, and 
provides a pre-existing management UI for it too.

I don't know if this would make the work dependent on the (in progress?) 
DAG-level access controls.


> On 19 Sep 2018, at 15:00, Deng Xiaodong <> wrote:
> Hi folks,
> Thinking of a scenario: I may have multiple users in the same Airflow
> instance. I can use the filter_by_owner feature so that each user can only see
> their own DAGs. But what if their DAGs are using different data sources,
> say owner A is using mysql_conn_a, and owner B is using mysql_conn_b, and
> we don't want to allow them to access each other's database?
> Seems like all DAGs (no matter who is the owner) can access all defined
> connections? Or have I missed something?
> If my suspicion is making sense, I think it would be necessary to have
> values "*if_protect*" and "*owner*" for each connection. When "if_protect"
> == True, only DAGs whose owner == "owner" would be able to use this
> connection. I would like to take this up to prepare a PR.
> Thanks.
> XD
