...
DAG Role Permission Mapping
No. | Role | Permission(s) |
1 | DAG_Viewer | READ_DAG |
2 | DAG_Editor | READ_DAG, WRITE_DAG, EXECUTE_DAG, REFRESH_DAG |
3 | DAG_Executor | READ_DAG, EXECUTE_DAG |
...
Following table shows whether DLAC is ignored/honored depending on user’s View-level role.
No. | View-level Role | DAG Level Roles(Ignored/Honored) |
1 | Administrator | Ignored |
2 | Ops | Ignored |
3 | Data Profiler | Not Applicable |
4 | User | Honored |
5 | Read_Only | DAG_Viewer Role is enforced for all the DAGs |
...
Models to be created:
DAG_Role
DAG_Permission
Models to be modified:
DAG: has_DLAC column needs to be added
Addition of new “access_control” attribute to the DAG.
Open Questions
...
Should DAG_Executor role be allowed to refresh the DAG?