This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

DAG Role Permission Mapping 

 

 

No.

Role

Permission(s)

1

DAG_Viewer

READ_DAG

2

DAG_Editor

READ_DAG, WRITE_DAG, EXECUTE_DAG, REFRESH_DAG

3

DAG_Executor

READ_DAG, EXECUTE_DAG

 

...

Following table shows whether DLAC is ignored/honored depending on user’s View-level role. 

 

 

No.

View-level Role

DAG Level Roles(Ignored/Honored)

1

Administrator

Ignored

2

Ops

Ignored

3

Data Profiler

Not Applicable

4

User

Honored

5

Read_Only

DAG_Viewer Role is enforced for all the DAGs

 

...

  1. Models to be created:

    1. DAG_Role

    2. DAG_Permission

  2. Models to be modified:

    1. DAG: has_DLAC column needs to be added

  3. Addition of new “access_control” attribute to the DAG. 

Open Questions

...

  1. Should DAG_Executor role be allowed to refresh the DAG?