[
https://issues.apache.org/jira/browse/AIRFLOW-85?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15277231#comment-15277231
]
Chris Riccomini commented on AIRFLOW-85:
----------------------------------------
We should think through how this fits in with the existing {{/admin}} UI as we
move forward. Ideally, I think we want to kill off the existing ACL system and
replace it with Flask principals, and proper roles. To me, that means killing
off the existing {{/admin/airflow}} UI, and replacing it with the {{/dags}}
view. Likewise, we can probably create a {{/dataprofiler}} view and leave the
{{/admin}} view with just the admin-related stuff.
> Create DAGs UI
> --------------
>
> Key: AIRFLOW-85
> URL: https://issues.apache.org/jira/browse/AIRFLOW-85
> Project: Apache Airflow
> Issue Type: Bug
> Components: security, ui
> Reporter: Chris Riccomini
>
> Airflow currently provides only an {{/admin}} UI interface for the webapp.
> This UI provides three distinct roles:
> * Admin
> * Data profiler
> * None
> In addition, Airflow currently provides the ability to log in, either via a
> secure proxy front-end, or via LDAP/Kerberos, within the webapp.
> We run Airflow with LDAP authentication enabled. This helps us control access
> to the UI. However, there is insufficient granularity within the UI. We would
> like to be able to grant users the ability to:
> # View their DAGs, but no one else's.
> # Control their DAGs, but no one else's.
> This is not possible right now. You can take away the ability to access the
> connections and data profiling tabs, but users can still see all DAGs, as
> well as control the state of the DB by clearing any DAG status, etc.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
