-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DAG permission setting per owner and/or per tag #19226
Comments
Thanks for opening your first issue here! Be sure to follow the issue template! |
I think this is what the |
Based on the documentation |
See also #9342 |
Agreeing with @potiuk's comment on #9342, airflow can't do multi-tenancy at the moment. However we have setup an instance which only uses the kubernetesPodOperator, and so can have multiple tenants coexisting where each tenant has their own k8s namespace/openshift project. |
Note that we have now Multi-tenancy effort in progress which I am leading. And while the first two AIPs that are very draft (but will soon be updated) do not address this final granularity yet, they pave the way for the third AIP that is going to address also this use case. Since this is in on the roadmap and planned and part of the bigger multi-tenancy effort, I am closing this one. @mandicLuka @easontm @isaac-florence if you are interested in joining the effort, please join Airlfow Devlist and possibly #sig-multitenancy slack channel and take part in the discussions: You can find last meeting mintues and even recording of the meeting where we discussed the plans for Multitenancy. https://cwiki.apache.org/confluence/display/AIRFLOW/AIP-1%3A+Improve+Airflow+Security Note that this is for a long haul - full implementation of the multitenancy (and even discussion on the AIPs) will take quite some time (several months/half a year at the least as this is a really big set of features to make it possible). |
Or actually let me re-open it and add multi-tenancy label to group similar stuff together and refer to it when we will be implementing it. |
Description
Access Control feature where one can limit a DAG permissions (read, write, etc.) for a group of DAGs, namely, the ones where owner is set or the tag is set to the desired value.
Use case/motivation
Restrict access for user to DAG read/write for all new DAGs created by the another user
Related issues
No response
Are you willing to submit a PR?
Code of Conduct
The text was updated successfully, but these errors were encountered: