[ https://issues.apache.org/jira/browse/AIRFLOW-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15277231#comment-15277231 ]
Chris Riccomini commented on AIRFLOW-85: ---------------------------------------- We should think through how this fits in with the existing {{/admin}} UI as we move forward. Ideally, I think we want to kill off the existing ACL system and replace it with Flask principals, and proper roles. To me, that means killing off the existing {{/admin/airflow}} UI, and replacing it with the {{/dags}} view. Likewise, we can probably create a {{/dataprofiler}} view and leave the {{/admin}} view with just the admin-related stuff. > Create DAGs UI > -------------- > > Key: AIRFLOW-85 > URL: https://issues.apache.org/jira/browse/AIRFLOW-85 > Project: Apache Airflow > Issue Type: Bug > Components: security, ui > Reporter: Chris Riccomini > > Airflow currently provides only an {{/admin}} UI interface for the webapp. > This UI provides three distinct roles: > * Admin > * Data profiler > * None > In addition, Airflow currently provides the ability to log in, either via a > secure proxy front-end, or via LDAP/Kerberos, within the webapp. > We run Airflow with LDAP authentication enabled. This helps us control access > to the UI. However, there is insufficient granularity within the UI. We would > like to be able to grant users the ability to: > # View their DAGs, but no one else's. > # Control their DAGs, but no one else's. > This is not possible right now. You can take away the ability to access the > connections and data profiling tabs, but users can still see all DAGs, as > well as control the state of the DB by clearing any DAG status, etc. -- This message was sent by Atlassian JIRA (v6.3.4#6332)