I think this is one part of the questions: if the user password is not stored in airflow but in an external key management, should we allow user to change password from Airflow or can we implement that? Personally I don't think it's a good idea. That's why I suggested to give `can_userinfo` to all users (at least they don't get a weird 'Access is Denied' message when they try to check their own profile) but only allowing changing profile/password when it's DB authentication.
What I can do is to check how **superset** (https://github.com/apache/incubator-superset) is handling this, which is also based on Flask-AppBuilder if I'm not mistaken. It may provide some good ideas. [ Full content available at: https://github.com/apache/incubator-airflow/pull/3889 ] This message was relayed via gitbox.apache.org for [email protected]
