0
0
Apache Airflowdevops~10 mins

Role-based access control (RBAC) in Apache Airflow - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Role-based access control (RBAC)
User logs in
System checks user role
Match role to permissions
Grant access to allowed features
Deny access to restricted features
User performs actions based on permissions
User logs in, system checks their role, matches permissions, then grants or denies access accordingly.
Execution Sample
Apache Airflow
from airflow.www.fab_security.manager import AUTH_ROLE_ADMIN

# Assign role to user
user.roles.append(AUTH_ROLE_ADMIN)

# Check permission
if 'can_read' in user.get_permissions():
    print('Access granted')
Assigns an admin role to a user and checks if the user has read permission to grant access.
Process Table
StepActionUser RolesPermissions CheckedResult
1User logs in[]NoneNo access yet
2Assign role AUTH_ROLE_ADMIN['Admin']NoneRole assigned
3Check if 'can_read' permission exists['Admin']'can_read'Permission found
4Grant access['Admin']'can_read'Access granted
5User performs action['Admin']Allowed actionsAction executed
💡 User has 'Admin' role with 'can_read' permission, so access is granted and action executed.
Status Tracker
VariableStartAfter Step 2After Step 3Final
user.roles[]['Admin']['Admin']['Admin']
permissions_checkedNoneNone['can_read']['can_read']
access_grantedFalseFalseTrueTrue
Key Moments - 2 Insights
Why does the user get access only after role assignment?
Because permissions depend on roles. Before assigning 'Admin' role, user.roles is empty (see step 1 and 2 in execution_table), so no permissions are found.
What happens if the permission checked is not in the user's role?
Access is denied. The system checks permissions linked to roles (step 3). If permission is missing, result would be 'Permission not found' and no access granted.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the user's roles after step 2?
A['Admin']
B[]
C['User']
D['ReadOnly']
💡 Hint
Check the 'User Roles' column at step 2 in the execution_table.
At which step does the system confirm the user has 'can_read' permission?
AStep 1
BStep 3
CStep 4
DStep 5
💡 Hint
Look at the 'Permissions Checked' and 'Result' columns in the execution_table.
If the user had no roles assigned, what would be the result at step 3?
APermission found
BAccess granted
CPermission not found
DAction executed
💡 Hint
Refer to the 'Result' column at step 3 and consider what happens if user.roles is empty.
Concept Snapshot
Role-based access control (RBAC) in Airflow:
- Users have roles.
- Roles have permissions.
- System checks user roles on login.
- Permissions determine access to features.
- Assign roles to grant permissions.
Full Transcript
Role-based access control (RBAC) in Airflow works by assigning roles to users. When a user logs in, the system checks their roles and the permissions linked to those roles. If the user has the required permission, such as 'can_read', access is granted to perform actions. Without roles, users have no permissions and cannot access protected features. This flow ensures users only access what their roles allow.