Re: DAG Level permissions (was Re: RBAC Update)

Nice work Feng. We were waiting for this from our end. Looking forward to contributing for the upcoming feature for DAG group access control. Martin > > > >

Re: DAG Level permissions (was Re: RBAC Update)

Awesome work Feng. Well done. On 17/07/2018, 13:27, "James Meickle" wrote: Really excited for this one - we have a lot of internal access controls and this will help us implement them properly. It's going to be great being able to give everyone access to see the overall state of D

Re: DAG Level permissions (was Re: RBAC Update)

Really excited for this one - we have a lot of internal access controls and this will help us implement them properly. It's going to be great being able to give everyone access to see the overall state of DAG progress without seeing its parameters or logs! On Tue, Jul 17, 2018 at 12:48 AM, Ruiqin

Re: DAG Level permissions (was Re: RBAC Update)

Congratulations! Extraordinary work! Thank you very much! This has been a highly desired feature for us for quite a while. Cheers, Kevin Yang Tao Feng 于2018年7月16日 周一下午9:30写道： > Hi, > > Just want to give an update that Airflow DAG level access just checked in > today(https://github.com/apache/inc

Re: DAG Level permissions (was Re: RBAC Update)

Hi, Just want to give an update that Airflow DAG level access just checked in today(https://github.com/apache/incubator-airflow/pull/3197). Thanks a lot for Max and Joy's review which helps me improving the pr. I create the following three tickets as a follow up: https://issues.apache.org/jira/

Re: DAG Level permissions (was Re: RBAC Update)

Hi Max, Joy and Everyone, Based on the discussion, I put up a work in progress pr ( https://github.com/apache/incubator-airflow/pull/3197/) with a doc( https://docs.google.com/document/d/1qs26lE9kAuCY0Qa0ga- 80EQ7d7m4s-590lhjtMBjmxw/edit#) for DAG level access. I would like to get some early feedb

Re: DAG Level permissions (was Re: RBAC Update)

Hi everyone, Thanks a lot for all the great discussions. To summarize in brief, here are the few approaches we discussed so far: 1. One permission per DAG. The user has homogenous rights on the dag. The concerns: - not flexible to certain use cases(e.g the user has view only access on

Re: RBAC Update

To my mind, I would expect the MVP of per-DAG RBAC to include three settings: viewing DAG state, executing or modifying DAGs, and viewing tasks within the DAG (logs/code/details). For instance we would love to expose a view of the production dataload state to our engineers, without exposing product

Re: DAG Level permissions (was Re: RBAC Update)

+1! I was originally tempted to re-use existing perms and views for dag-level access control since dag-level perm/view is a subset of view-level perm/view, but your proposal of defining new dag-level perms/views independent from view-level perms/views is interesting. This actually makes a lot of s

Re: DAG Level permissions (was Re: RBAC Update)

I'd suggest something else that avoids having to add a 3rd column. I think we can fit our use case into the existing structure nicely. My idea is to mimic what FAB does with its own Models. When you create a Model and ModelView in FAB (say DagRun for example), it creates a new view_menu (DagRun)

Re: DAG Level permissions (was Re: RBAC Update)

Hi all, I also agree that having view-only access to some dags while write access to other dags is useful, so I prefer option 2. Although option 2 is more difficult to manage, it is cleaner and more consistent with the current security model. (On the other hand, even though option 1 may be may be

Re: RBAC Update

I’d think we’d have privilege ‘can_view’ etc, and then a join table (priv) <-> (dagid) <-> (user/group). Then it’s a simple query to get the perms for a given dag (as you list In option 2 below). It also makes a “secure by default” easy - a lack of entries in that table for a dag can mean only

DAG Level permissions (was Re: RBAC Update)

(Creating a new thread) Hi Max, I was just wondering about this. There are definite use cases for people having only view access to some DAGs, mostly for monitoring. I want to know what the upstream DAGs are doing, but maybe I don't need clear/run access. I feel like the granular operation permi

Re: RBAC Update

Hijacking the thread further here, any thoughts on how to breakdown per DAG access? Tao & I are talking about introducing per-DAG permissions and one big question is whether we'll need to support different operation-types at a per-DAG level, which changes the way we need to model the perms. First

Re: RBAC Update

Great work Joy. This is awesome! I am interested in helping out the per dag level access. Just created a ticket to check(AIRFLOW-2267). Let me know if you have any suggestions. I will share my proposal once I am ready. On Fri, Mar 23, 2018 at 6:45 PM, Joy Gao wrote: > Hey guys! > > The RBAC UI

Re: RBAC Update

This is super exciting for us, as we want one of our non-technical teams to be able to re-run failed DAGs. Will be giving this a try soon as I'm back from SREcon! On Fri, Mar 23, 2018 at 9:45 PM, Joy Gao wrote: > Hey guys! > > The RBAC UI h

Re: RBAC Update

Awesome.. Great work indeed.. On Sat, Mar 24, 2018, 13:43 Bolke de Bruin wrote: > Hear hear! > > Bolke. > > > On 24 Mar 2018, at 06:01, Arthur Wiedmer > wrote: > > > > Thanks a lot for all the effort Joy! > > > > Great job! > > > > Best, > > Arthur > > > > On Fri, Mar 23, 2018 at 6:45 PM, Joy G

Re: RBAC Update

Hear hear! Bolke. > On 24 Mar 2018, at 06:01, Arthur Wiedmer wrote: > > Thanks a lot for all the effort Joy! > > Great job! > > Best, > Arthur > > On Fri, Mar 23, 2018 at 6:45 PM, Joy Gao wrote: > >> Hey guys! >> >> The RBAC UI has >

Re: RBAC Update

Thanks a lot for all the effort Joy! Great job! Best, Arthur On Fri, Mar 23, 2018 at 6:45 PM, Joy Gao wrote: > Hey guys! > > The RBAC UI has > been merged to master. I'm looking forward to early adopters' feedback and > bug reports. I als

Re: RBAC Update

Amazing work! Super excited about this. I know you've spent a lot of time and energy on it :) > On Mar 23, 2018, at 6:45 PM, Joy Gao wrote: > > Hey guys! > > The RBAC UI has > been merged to master. I'm looking forward to early adopters'

Re: RBAC Update

Awesome, great work Joy! Max On Fri, Mar 23, 2018 at 6:45 PM, Joy Gao wrote: > Hey guys! > > The RBAC UI has > been merged to master. I'm looking forward to early adopters' feedback and > bug reports. I also hope to have more folks helping

Re: RBAC Update

Hey guys! The RBAC UI has been merged to master. I'm looking forward to early adopters' feedback and bug reports. I also hope to have more folks helping out with the RBAC UI, especially with introducing DAG-Level access control, which is a fe

Re: RBAC Update

Hi folks, I have a PR out for the new UI. I've included instructions on how to test it out in the PR description. Looking forward to your feedbacks. Cheers, Joy On Fri, Dec 1, 2017 at 6:18 PM, Joy Gao wrote: > Thanks for the background in

Re: RBAC Update

Thanks for the background info. Would be really awesome for you to have PyPi access :D I'll make the change to have Airflow Webserver's FAB dependency pointing to my fork for the mean time. For folks who are interested in RBAC, I will be giving a talk/demo at the Airflow Meet-Up

Re: RBAC Update

A bit of related history here: https://github.com/dpgaspar/Flask-AppBuilder/issues/399 On Thu, Nov 30, 2017 at 8:33 AM, Maxime Beauchemin < maximebeauche...@gmail.com> wrote: > Given I have merge rights on FAB I could probably do another round of > review and get your PRs through. I would really

Re: RBAC Update

Given I have merge rights on FAB I could probably do another round of review and get your PRs through. I would really like to get the main maintainer's input on things that touch the core (composite-key support) as he might have concerns/intuitions that we can't know about. I do not have Pypi acce

Re: RBAC Update

I just created a new webserver instance if you haven't gotten a chance to fiddle around with the new web UI and the RBAC configurations (thanks Maxime for getting started with this earlier!): http://104.209.38.171:8080/ Admin Account username: admin password: admin Read-Only Account username: vi

Re: RBAC Update

Hi folks, Thanks for all the feedback regarding to the new Airflow Webserver UI ! I've been actively addressing all the bugs that were raised on Github. So I want to take this opportunity to discuss two issues coming up: The first issue is unaddressed

Re: RBAC Update

Thank you everyone for the active feedback so far, and thanks for setting up the demo Maxime! Going to work on pruning through the issues in the upcoming days. Fokko/Maxime, do you recall the SQLAlchemy Exception message so I can look into it? Otherwise I'll wait until it's down again =P Cheers,

Re: RBAC Update

I just restarted it, not sure how long it will take to get in a bad state again... Max On Sun, Nov 19, 2017 at 11:55 PM, Driesprong, Fokko wrote: > Good morning, > > The demo provided by Max is down, it throws a SQLAlchemyexception :'( > > Cheers, Fokko > > 2017-11-18 19:14 GMT+01:00 Chris Ricc

Re: RBAC Update

Good morning, The demo provided by Max is down, it throws a SQLAlchemyexception :'( Cheers, Fokko 2017-11-18 19:14 GMT+01:00 Chris Riccomini : > @bolke, open issues on the Github repo, please. > > On Sat, Nov 18, 2017 at 10:13 AM, Bolke de Bruin > wrote: > > > Chris, > > > > Do you want us to

Re: RBAC Update

@bolke, open issues on the Github repo, please. On Sat, Nov 18, 2017 at 10:13 AM, Bolke de Bruin wrote: > Chris, > > Do you want us to report bugs somewhere (I have encountered a few)? Or > just generic user experiences posted here? > > Cheers > Bolke > > > On 18 Nov 2017, at 00:47, Chris Riccom

Re: RBAC Update

Chris, Do you want us to report bugs somewhere (I have encountered a few)? Or just generic user experiences posted here? Cheers Bolke > On 18 Nov 2017, at 00:47, Chris Riccomini wrote: > > Hey all, > > I know the weekend is coming up, and for those of us in the US, next week > is a bit of a

Re: RBAC Update

1) Short answer: currently now. Long answer: I am working on a patch (albeit slowly) for FAB to do this. Unfortunately, getting into this level with FAB is a bit daunting and not as intuitive as I had hoped. 2) The url proved by Max is live so that is even better than screenshots. > On 18 Nov

Re: RBAC Update

http://airflow.westus.cloudapp.azure.com:8080/ login: admin psw: admin On Fri, Nov 17, 2017 at 9:58 PM, Ruslan Dautkhanov wrote: > That's awesome. > > 1. would it be possible to map an ldap group for example to view level > access roles? > 2. screenshots would be nice > > Thank you. > > > > -

Re: RBAC Update

That's awesome. 1. would it be possible to map an ldap group for example to view level access roles? 2. screenshots would be nice Thank you. -- Ruslan Dautkhanov On Fri, Nov 17, 2017 at 2:44 PM, Joy Gao wrote: > Hi guys. > > I've been working on moving airflow from Flask-Admin to Flask-App

Re: RBAC Update

Good work! I'll try to take the time and setup a demo on Azure this weekend (they offer free credit) so that people can play with it. For folks new to Flask App Builder, it has a good permission / role model allowing people to compose roles. It should be trivial for people to create roles needed i

Re: RBAC Update

Hey all, I know the weekend is coming up, and for those of us in the US, next week is a bit of a slow holiday week. Would love to get some feedback from everyone on this. The goal would ideally to be to converge on this and eventually replace the existing Airflow UI with this one. Cheers, Chris

RBAC Update

Hi guys. I've been working on moving airflow from Flask-Admin to Flask-AppBuilder for RBAC , check it out at https://github.com/wepay/airflow-webserver. It's still a work-in-progress, but most features you see in the webse