Reputation: 95
Configure role for Airflow Connection
Is there a way to restrict Airflow Connections so that they're only visible to the a particular role?
In particular I would like a solution so that a user for a particular role can:
- Can only access those connections that are assigned to their role
- Can only view those connections that are assigned to their role
I have looked at the following page and there's no instructions there on how to accomplish this: https://airflow.apache.org/1.10.1/howto/manage-connections.html
Upvotes: 1
Views: 1716
Answers (1)
Reputation: 6548
You can add these restrictions through RBAC, but not to specific connections, it's all connections or none. To enable RBAC, you will need to either be version 1.10+ and set rbac = True under [webserver] as noted in https://github.com/apache/airflow/blob/master/UPDATING.md#new-webserver-ui-with-role-based-access-control. See the documentation for RBAC in https://airflow.apache.org/security.html#rbac-ui-security for more details on the feature.
The relevant permissions to you are Connections and ConnectionModelView. Then an extra step would be to use DAG level access to ensure certain users can't access DAGs that use certain connections (1.10.2+ only, see https://github.com/apache/airflow/blob/master/UPDATING.md#dag-level-access-control-for-new-rbac-ui).
Upvotes: 1
Related Questions
- Airflow 2.0 support for Contrib Operators
- Change DAG owner
- Airflow dags subdirectory - role permissions
- Airflow - DAG level access control
- Airflow - KubernetesPodOperator - Role binding a service account
- How to create a dynamic role on Airflow?
- Airflow too many connections as a default
- Configuring fs_default connection in Airflow
- How do I add a new connection type to Airflow?
- How to use the User role in Airflow 1.10 RBAC?