0
0
Apache Airflowdevops~20 mins

Why access control protects sensitive pipelines in Apache Airflow - Challenge Your Understanding

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
πŸŽ–οΈ
Airflow Access Control Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Why is access control important in Airflow pipelines?

Which of the following best explains why access control is critical for sensitive Airflow pipelines?

AIt speeds up the execution of pipelines by limiting the number of users who can trigger them.
BIt automatically fixes errors in pipeline tasks by restricting access to only expert users.
CIt prevents unauthorized users from viewing or modifying pipeline configurations and data, protecting sensitive information and ensuring pipeline integrity.
DIt allows all users to freely edit pipelines to encourage collaboration.
Attempts:
2 left
πŸ’‘ Hint

Think about what could happen if anyone could change or see sensitive pipeline details.

πŸ’» Command Output
intermediate
2:00remaining
Output of Airflow RBAC command

What is the output of running the command airflow users list when RBAC is enabled and there are two users: admin and viewer?

Apache Airflow
airflow users list
A
Username  | Email           | Roles
----------|-----------------|--------
admin     | admin@example.com | Admin
viewer    | viewer@example.com | Viewer
BError: Command not found
CNo users found
D
Username  | Email           | Roles
----------|-----------------|--------
admin     | admin@example.com | Viewer
viewer    | viewer@example.com | Admin
Attempts:
2 left
πŸ’‘ Hint

RBAC lists users with their roles and emails.

❓ Configuration
advanced
2:00remaining
Configuring Airflow to restrict DAG access

Which configuration snippet correctly restricts access to a DAG named finance_report only to users with the finance_team role?

A
[webserver]
rbac = False

[dag_access_control]
finance_report = finance_team
B
[webserver]
rbac = True

[access_control]
finance_team = finance_report
C
[webserver]
rbac = True

[roles]
finance_team = finance_report
D
[webserver]
rbac = True

[dag_access_control]
finance_report = finance_team
Attempts:
2 left
πŸ’‘ Hint

Look for the correct section and syntax to map DAGs to roles.

❓ Troubleshoot
advanced
2:00remaining
Troubleshooting unauthorized DAG access error

A user with the role data_analyst tries to access the DAG sales_data but gets an 'Unauthorized' error. What is the most likely cause?

AThe <code>sales_data</code> DAG is not assigned to the <code>data_analyst</code> role in the DAG access control settings.
BThe Airflow webserver is not running.
CThe user’s password has expired.
DThe DAG <code>sales_data</code> is paused.
Attempts:
2 left
πŸ’‘ Hint

Think about role permissions related to DAG access.

βœ… Best Practice
expert
3:00remaining
Best practice for securing sensitive Airflow pipelines

Which of the following is the best practice to protect sensitive Airflow pipelines from unauthorized access and accidental changes?

AAllow all users admin access to encourage collaboration and quick fixes.
BEnable RBAC, assign minimal necessary roles to users, and use DAG-level access control to restrict pipeline visibility.
CDisable authentication to simplify user access and reduce login issues.
DStore all pipeline credentials in plain text within DAG files for easy access.
Attempts:
2 left
πŸ’‘ Hint

Consider security principles of least privilege and controlled access.