有没有办法根据拥有者的角色对DAG进行限制?

huangapple go评论70阅读模式
英文:

Is there any way having restrictions on dags by their owners upon roles

问题

I have some dags owner by user 'abc' and I want to this user a role with permissions to show just those dags on airflow GUI which are owned by user 'abc' and this user can pause or unpause or run its own owned dag. Just to clear here that I cannot use RBAC as RBAC is cloud based authentication, I am having Airflow 2.5.2 installed over docker-compose.

英文:

I have some dags owner by user 'abc' and I want to this user a role with permissions to show just those dags on airflow GUI which are owned by user 'abc' and this user can pause or unpause or run its own owned dag. Just to clear here that I cannot use RBAC as RBAC is cloud based authentication , I am having Airflow 2.5.2 installed over docker-compose.

   ```airflow roles del-perms [-h] [-a [ACTION [ACTION ...]]] -r
                    [RESOURCE [RESOURCE ...]] [-v]
                    [role [role ...]]```

答案1

得分: 1

从Airflow文档中,dag-level permission

例如,如果用户尝试查看example_dag_id的DAG信息,并且端点需要DAGs.can_read访问权限,如果用户具有DAGs.can_read或DAG:example_dag_id.can_read访问权限,则将授予访问权限。

您需要为每个DAG设置用户权限,并删除全局的DAG权限。

英文:

From airflow docs, dag-level permission

For example, if a user is trying to view DAG information for the example_dag_id, and the endpoint requires DAGs.can_read access, access will be granted if the user has either DAGs.can_read or DAG:example_dag_id.can_read access

You need to set to user permissions per dag and remove the Dags global permission.

huangapple
  • 本文由 发表于 2023年5月6日 18:31:32
  • 转载请务必保留本文链接:https://go.coder-hub.com/76188401.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定