Apache Airflowdevops~30 mins

Role-based access control (RBAC) in Apache Airflow - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Role-based access control (RBAC) in Apache Airflow

📖 Scenario: You are managing an Apache Airflow environment where different users need different access levels. To keep things secure and organized, you want to set up role-based access control (RBAC). This means defining roles with specific permissions and assigning users to these roles.

🎯 Goal: Build a simple RBAC setup in Airflow by creating roles with permissions and assigning users to these roles using Python code. You will create roles, add permissions, and assign users to roles.

📋 What You'll Learn

Create roles with specific permissions

Assign users to roles

Use Airflow's RBAC API to manage roles and users

Print the roles and their assigned users

💡 Why This Matters

🌍 Real World

RBAC is used in Airflow to control who can see or change workflows, making sure only authorized people can do sensitive actions.

💼 Career

Understanding RBAC helps you manage access securely in real Airflow deployments, a key skill for DevOps and data engineering roles.

Progress0 / 4 steps

Create roles with permissions

Create two roles called data_engineer and data_analyst using Airflow's Role class. Add the permission can_read to data_analyst and permissions can_read and can_edit to data_engineer.

Apache Airflow

from airflow.www.fab_security.manager import Role

# Create roles data_engineer and data_analyst with permissions
# Your code here

Hint

Use the Role class to create roles and assign a set of permissions to the permissions attribute.

Create users and assign roles

Create two users called alice and bob using Airflow's User class. Assign the data_engineer role to alice and the data_analyst role to bob.

Apache Airflow

from airflow.www.fab_security.manager import Role

data_analyst = Role(name='data_analyst')
data_analyst.permissions = {'can_read'}
data_engineer = Role(name='data_engineer')
data_engineer.permissions = {'can_read', 'can_edit'}

from airflow.www.fab_security.manager import User

# Create users alice and bob and assign roles
# Your code here

Hint

Use the User class to create users and assign roles by setting the roles attribute to a set containing the role objects.

List roles and their users

Create a dictionary called role_users that maps each role name (data_engineer and data_analyst) to a list of usernames assigned to that role. Use a for loop to check each user and add their username to the correct role list.

Apache Airflow

from airflow.www.fab_security.manager import Role

data_analyst = Role(name='data_analyst')
data_analyst.permissions = {'can_read'}
data_engineer = Role(name='data_engineer')
data_engineer.permissions = {'can_read', 'can_edit'}

from airflow.www.fab_security.manager import User

alice = User(username='alice')
alice.roles = {data_engineer}
bob = User(username='bob')
bob.roles = {data_analyst}

role_users = {'data_engineer': [], 'data_analyst': []}

# Use a for loop with variables user and role to fill role_users
# Your code here

Hint

Loop over the list of users, then loop over each user's roles. Add the username to the list in role_users for the matching role name.

Print roles and assigned users

Print the role_users dictionary to display the roles and their assigned users.

Apache Airflow

from airflow.www.fab_security.manager import Role

data_analyst = Role(name='data_analyst')
data_analyst.permissions = {'can_read'}
data_engineer = Role(name='data_engineer')
data_engineer.permissions = {'can_read', 'can_edit'}

from airflow.www.fab_security.manager import User

alice = User(username='alice')
alice.roles = {data_engineer}
bob = User(username='bob')
bob.roles = {data_analyst}

role_users = {'data_engineer': [], 'data_analyst': []}

for user in [alice, bob]:
    for role in user.roles:
        role_users[role.name].append(user.username)

# Print the role_users dictionary
# Your code here

Hint

Use print(role_users) to show the dictionary with roles and their users.