-
Notifications
You must be signed in to change notification settings - Fork 0
Role Based Access Control in Airflow
Role-based access control is an approach to restricting system access to authorized users. Users are given roles, which are a defined set of permissions. Enabling the RBAC UI on Airflow adds an extra layer of security. On Airflow 2.x, RBAC is enabled by default. On previous versions, this needs to be enabled manually.
To enable Airflow's Flask AppBuilder (FAB)-based RBAC UI, make sure that the RBAC entry under the webserver in airflow.cfg looks like this:
[webserver]
# Use FAB-based webserver with RBAC feature
rbac = True
Once the changes to your webserver are made, you will be greeted by a login page when you start up. Since there is no default user created, you will have to create one manually using this command:
airflow create_user -r <role> -u <username> -f <first name> -l <last name> -p <password> -e <email>
The default roles are
- Admin
- Public
- Viewer
- User
- Op
You will probably want the first account you create to be an Admin so that you can use the RBAC UI to create other users and roles easily without having to use the command line.