Hi folks, Over the past few weeks, @Vincent Beck<mailto:[email protected]> and I have been working on a proposal for a multi-tenant model for Apache Airflow<https://docs.google.com/document/d/1n23h26p4_8F5-Cd0JGLPEnF3gumJ5hw3EpwUljz7HcE/edit?usp=sharing>. Building on AIP-43<https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-43+DAG+Processor+separation> (DAG Processor separation) and AIP-44<https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-44+Airflow+Internal+API> (Airflow Internal API), we aim to modify the existing Role-Based Access Control (RBAC) to provide fine-grained access control and pave the way for running Airflow in a multi-tenant fashion.
Multi-tenancy support in Airflow would allow users to use a single Airflow environment to support multiple teams or business units, each with their own isolated workflows, user permissions, and data. This can offer a number of benefits including cost savings from a shared environment, improved collaboration among teams, and enhanced security through isolation, while also reducing the overall operational load. In the proposal, we outline user requirements and describe the design for view-level and resource-level access control. We intentionally did not include technical implementation details, as these will be covered in AIPs after alignment. The proposal also includes open questions and recommendations. We would like to thank Jarek, Filip, and Kaxil for providing early feedback, helping to ensure the design has no obvious flaws. Please review the proposal and provide your feedback by January 18th. We will then proceed to draft AIPs with implementation details based on the final proposal. Regards Shubham Mehta
