
RBAC Granular DAG Permissions don't work as intended #13891

@davido912


Previous versions (before 2.0) allowed for granular can_edit DAG permissions so that different user groups can trigger different DAGs and access control is more specific. Since 2.0 it seems that this does not work as expected.

How to reproduce:
Create a copy of the VIEWER role and try adding can dag edit on a specific DAG to it.
Expected Result: user can trigger said DAG.
Actual Result: user access is denied.

It seems that a new parameter was added: can create on DAG runs. Without it the user cannot run DAGs; however, with it, the user can run all DAGs without limitations, and I believe this is an unintended use.
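A toy model of the two behaviours described in the report, added here as an illustration (it is not Airflow's code and not part of the original issue). It shows how a per-DAG test matrix exposes the over-grant; the permission and resource strings, role name and DAG ids are assumptions modelled on the wording above.

```python
from dataclasses import dataclass, field

DAG_RUNS = "DAG Runs"  # assumed name of the global "DAG runs" resource
ALL_DAGS = "DAGs"      # assumed name of the "every DAG" resource


def dag_resource(dag_id):
    """Per-DAG resource name (assumed naming scheme)."""
    return f"DAG:{dag_id}"


@dataclass
class Role:
    name: str
    perms: set = field(default_factory=set)  # {(action, resource), ...}

    def has(self, action, resource):
        return (action, resource) in self.perms


def can_trigger_reported(role, dag_id):
    """Behaviour described in the report: only the global permission counts."""
    return role.has("can_create", DAG_RUNS)


def can_trigger_scoped(role, dag_id):
    """One least-privilege reading: global create, scoped by per-DAG edit."""
    if not role.has("can_create", DAG_RUNS):
        return False
    return (role.has("can_edit", dag_resource(dag_id))
            or role.has("can_edit", ALL_DAGS))


def over_grants(check, role, dag_ids):
    """DAGs that `check` lets the role trigger without edit rights on them."""
    return sorted(d for d in dag_ids
                  if check(role, d) and not can_trigger_scoped(role, d))


# Constructed sample: a VIEWER copy allowed to edit exactly one DAG.
VIEWER_COPY = Role("viewer_copy", {("can_create", DAG_RUNS),
                                   ("can_edit", dag_resource("team_a_etl"))})
DAG_IDS = ["team_a_etl", "team_b_billing"]

if __name__ == "__main__":
    print("reported:", over_grants(can_trigger_reported, VIEWER_COPY, DAG_IDS))
    print("scoped:  ", over_grants(can_trigger_scoped, VIEWER_COPY, DAG_IDS))
```

The same matrix (every role against every DAG, asserting an empty over-grant list) can be run against a real deployment's trigger endpoint as a regression check after role changes or upgrades.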
