I'm in favor of keeping it to help further development around group permissions.
Where I work, we run a multitenant Airflow shared by several teams, and we make generous use of the owner field as a way to group dags together by development team. I've implemented a custom Flask-AppBuilder SecurityManager that syncs LDAP to Owner for permissions, which is much more convenient than managing on a per-dag basis. Owner could be a useful field in the future to help define other group security permissions. For instance, it could be handy to specify which owners have permission to use which Connection objects. On 2019/06/26 10:06:50, Deng Xiaodong <[email protected]> wrote: > Sure thing :) Please refer to> > https://airflow.readthedocs.io/en/1.10.3post1/security.html?highlight=filter_by_owner#multi-tenancy> > > > I didn’t use this feature myself though.> > > > XD> > > On Wed, Jun 26, 2019 at 18:00 airflowuser> > <[email protected]> wrote:> > > > If I may ask...> > > in the Old UI how do you filter DAGs by owner?> > > I'm running 1.10.3 and in the Search bar it searches only DAG it doesn't> > > search by owner.> > >> > >> > > Sent with ProtonMail Secure Email.> > >> > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐> > > On Wednesday, June 26, 2019 12:27 PM, Deng Xiaodong <[email protected]>> > > wrote:> > >> > > > Hi folks,> > > >> > > > In DAG Model, we have "owner" field. In earlier Flask-Admin based UI> > > (which> > > > is already removed in master branch), it was used by "filter_by_user"> > > > config item in [webserver] section to help control access. But now seems> > > > it's not used anywhere already (correct me if I'm wrong).> > > >> > > > I would like to understand from the community: shall we remove this> > > field?> > > > Or there can be other usage on this field?> > > >> > > > One use case I have in mind is to use "owner" to enhance DAG-level access> > > > control. Currently the DAG-level access control is implemented by> > > creating> > > > a new permission for each DAG, which may be "tedious" to manage if there> > > > are many DAGs. We may use "owner" to group DAGs, so we can create new> > > > permission for each "owner" rather than creating new permission for each> > > > single DAG.> > > >> > > > Please share your thoughts. Thanks.> > > >> > > > Best regards,> > > >> > > > XD> > >> > >> > >> >
