{"id":1546,"date":"2020-06-12T22:51:22","date_gmt":"2020-06-12T13:51:22","guid":{"rendered":"https:\/\/oboki.net\/?p=1546"},"modified":"2020-07-12T22:53:53","modified_gmt":"2020-07-12T13:53:53","slug":"rbac","status":"publish","type":"post","link":"https:\/\/oboki.net\/workspace\/data-engineering\/airflow\/rbac\/","title":{"rendered":"[Airflow] RBAC"},"content":{"rendered":"<blockquote>\n<p>RBAC; Role-Based Access Control<\/p>\n<\/blockquote>\n<p>\ucc38\uace0: <a href=\"https:\/\/airflow.apache.org\/docs\/stable\/security.html#rbac-ui-security\">https:\/\/airflow.apache.org\/docs\/stable\/security.html#rbac-ui-security<\/a><\/p>\n<p>Airflow 1.10.9 \ubc84\uc804 \uc774\ud6c4 Web UI\uac00 <code>Flask-Admin<\/code>\uc5d0\uc11c <code>Flask-Appbuilder<\/code> \uae30\ubc18\uc73c\ub85c \ubcc0\uacbd\ub418\uba74\uc11c RBAC\ub97c \ud65c\uc131\ud654\ud560 \uc218 \uc788\ub2e4.<\/p>\n<p>\ub2e4\uc74c\uacfc \uac19\uc774 \ub2e4\uc12f\uac1c\uc758 Role \uc774 \uc815\uc758\ub3fc \uc788\uace0 \uc774 \uc678\uc5d0\ub3c4 \ucee4\uc2a4\ud140 \ub864\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\ub2e4.<\/p>\n<ul>\n<li>Admin<\/li>\n<li>Op<\/li>\n<li>User<\/li>\n<li>Viewer<\/li>\n<li>Public<\/li>\n<\/ul>\n<p>\n&nbsp;\n<\/p>\n<p>\uac01 Role\ub4e4\uc740 \uc544\ub798\uc640 \uac19\uc740 \ud615\ud0dc\uc758 \uad8c\ud55c\ub4e4\uc758 \uc9d1\ud569\uc778\ub370 \uc138\ubd80 \uad8c\ud55c\ub4e4\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ud615\ud0dc\ub85c \uc815\uc758 \ub3fc \uc788\uc5b4\uc11c<\/p>\n<ul>\n<li><code>menu access on {menu}<\/code>\n<ul>\n<li>\uc5b4\ub5a4 \ud654\uba74\uc5d0 \uc811\uadfc\ud560 \uc218 \uc788\ub294\uc9c0<\/li>\n<\/ul>\n<\/li>\n<li><code>{operation} on View<\/code>\n<ul>\n<li>\uadf8 \ud654\uba74\uc5d0\uc11c \uc5b4\ub5a4 \uae30\ub2a5\ub4e4\uc744 \uc774\uc6a9\ud560 \uc218 \uc788\ub294\uc9c0<\/li>\n<\/ul>\n<\/li>\n<li><code>can dag (read|edit) on DAG<\/code>\n<ul>\n<li>\ub9cc\uc57d DAG\uc640 \uad00\ub828\ub41c \uae30\ub2a5\uc774\ub77c\uba74 \uc5b4\ub5a4 DAG\uc5d0 \uc704 \uae30\ub2a5\ub4e4\uc744 \uc801\uc6a9\ud560 \uc218 \uc788\ub294\uc9c0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\ub97c role(\uc0ac\uc6a9\uc790) \ubcc4\ub85c \uc81c\uc5b4\ud560 \uc218 \uc788\ub2e4.<\/p>\n<h2>Admin Role<\/h2>\n<p>\ucd5c\ucd08 \uc124\uce58\uc2dc Admin Role\uc5d0 \ubd80\uc5ec\ub41c \uad8c\ud55c(\uc124\uce58 \uc9c1\ud6c4 \uc2dc\uc810\uc758 \ubaa8\ub4e0 \uad8c\ud55c)\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n<pre><code class=\"language-txt\">menu access on List Users\nmenu access on Security\nmenu access on List Roles\nmenu access on User&#039;s Statistics\nmenu access on Base Permissions\nmenu access on Views\/Menus\nmenu access on Permission on Views\/Menus\nmenu access on DAG Runs\nmenu access on Browse\nmenu access on Jobs\nmenu access on Logs\nmenu access on SLA Misses\nmenu access on Task Instances\nmenu access on Configurations\nmenu access on Admin\nmenu access on Connections\nmenu access on Pools\nmenu access on Variables\nmenu access on XComs\nmenu access on Documentation\nmenu access on Docs\nmenu access on GitHub\nmenu access on Version\nmenu access on About\ncan this form get on ResetPasswordView\ncan this form post on ResetPasswordView\ncan this form get on ResetMyPasswordView\ncan this form post on ResetMyPasswordView\ncan this form get on UserInfoEditView\ncan this form post on UserInfoEditView\ncan show on UserLDAPModelView\ncan add on UserLDAPModelView\ncan userinfo on UserLDAPModelView\ncan edit on UserLDAPModelView\ncan download on UserLDAPModelView\ncan delete on UserLDAPModelView\ncan list on UserLDAPModelView\nuserinfoedit on UserLDAPModelView\ncan show on RoleModelView\ncan add on RoleModelView\ncan edit on RoleModelView\ncan download on RoleModelView\ncan delete on RoleModelView\ncan list on RoleModelView\ncopyrole on RoleModelView\ncan chart on UserStatsChartView\ncan list on PermissionModelView\ncan list on ViewMenuModelView\ncan list on PermissionViewModelView\ncan get on MenuApi\ncan trigger on Airflow\ncan tree on Airflow\ncan dagrun failed on Airflow\ncan code on Airflow\ncan dag stats on Airflow\ncan task stats on Airflow\ncan failed on Airflow\ncan rendered on Airflow\ncan clear on Airflow\ncan refresh on Airflow\ncan gantt on Airflow\ncan dagrun clear on Airflow\ncan paused on Airflow\ncan log on Airflow\ncan last dagruns on Airflow\ncan elasticsearch on Airflow\ncan dagrun success on Airflow\ncan index on Airflow\ncan task on Airflow\ncan extra links on Airflow\ncan blocked on Airflow\ncan duration on Airflow\ncan pickle info on Airflow\ncan task instances on Airflow\ncan get logs with metadata on Airflow\ncan success on Airflow\ncan xcom on Airflow\ncan tries on Airflow\ncan run on Airflow\ncan landing times on Airflow\ncan dag details on Airflow\ncan graph on Airflow\ncan delete on Airflow\ncan list on DagModelView\ncan show on DagModelView\ncan list on DagRunModelView\ncan add on DagRunModelView\nmuldelete on DagRunModelView\nset failed on DagRunModelView\nset running on DagRunModelView\nset success on DagRunModelView\ncan list on JobModelView\ncan list on LogModelView\ncan list on SlaMissModelView\ncan list on TaskInstanceModelView\nclear on TaskInstanceModelView\nset failed on TaskInstanceModelView\nset retry on TaskInstanceModelView\nset running on TaskInstanceModelView\nset success on TaskInstanceModelView\ncan conf on ConfigurationView\ncan add on ConnectionModelView\ncan list on ConnectionModelView\ncan edit on ConnectionModelView\ncan delete on ConnectionModelView\nmuldelete on ConnectionModelView\ncan add on PoolModelView\ncan list on PoolModelView\ncan edit on PoolModelView\ncan delete on PoolModelView\nmuldelete on PoolModelView\ncan add on VariableModelView\ncan list on VariableModelView\ncan edit on VariableModelView\ncan delete on VariableModelView\ncan varimport on VariableModelView\nmuldelete on VariableModelView\nvarexport on VariableModelView\ncan add on XComModelView\ncan list on XComModelView\ncan edit on XComModelView\ncan delete on XComModelView\nmuldelete on XComModelView\ncan version on VersionView\ncan dag edit on all_dags\ncan dag read on all_dags\ncan edit on UserDBModelView\ncan delete on UserDBModelView\ncan add on UserDBModelView\ncan download on UserDBModelView\ncan userinfo on UserDBModelView\ncan list on UserDBModelView\ncan show on UserDBModelView\nresetmypassword on UserDBModelView\nresetpasswords on UserDBModelView\nuserinfoedit on UserDBModelView]<\/code><\/pre>\n<p>\u203b <code>all_dags<\/code> \ub77c\ub294 dag\ub294 \uc2e4\uc81c dag \uc774\ub984\uc774 all_dags\uac00 \uc544\ub2cc \uad8c\ud55c \uad00\ub9ac\uc5d0\uc11c\ub9cc \ub098\uc624\ub294 special dag\ub85c \uc640\uc77c\ub4dc\uce74\ub4dc\uc774\ub2e4.<\/p>\n<h2>Public Role<\/h2>\n<p>\uae30\ubcf8 \uc815\uc758\ub41c <code>Public<\/code> Role \uc740 \uc544\ubb34\ub7f0 \uad8c\ud55c\uc774 \uc5c6\ub294\ub370 \uc774 Role\uc744 \ubd80\uc5ec\ubc1b\uc740 \uc0ac\uc6a9\uc790\ub294 \ub85c\uadf8\uc778 \uc9c1\ud6c4 ERR_TOO_MANY_REDIRECTS \uc5d0\ub7ec\uac00 \ubc1c\uc0dd\ud574\uc11c \uc544\ubb34\uac83\ub3c4 \ud560 \uc218\uac00 \uc5c6\ub2e4. \uc774 \ubb38\uc81c\ub97c \ud574\uc18c\ud558\ub824\uba74 \uc6f9 \ube0c\ub77c\uc6b0\uc800\uc5d0 <code>https:\/\/${airflow_host}\/logout<\/code> \uc73c\ub85c \uc811\uadfc\ud574\uc11c \uac15\uc81c\ub85c logout api \ub97c \ud638\ucd9c\ud574\uc57c \ud55c\ub2e4.<\/p>\n<p>\ub85c\uadf8\uc778 \uc9c1\ud6c4\uc5d0\ub294 \uba54\uc778 \ud654\uba74\uc778 <code>\/home<\/code> \uc73c\ub85c \ub9ac\ub514\ub809\uc158 \ub418\ub294\ub370 \uad00\ub828\ub41c \uae30\ubcf8 View \ub4e4\uc5d0 \ub300\ud55c menu access \uc870\ucc28 \uc5c6\uc5b4\uc11c home -&gt; login -&gt; home -&gt; login \uc758 \ubb34\ud55c \ub8e8\ud504\uc5d0 \ube60\uc9c4\ub2e4.<\/p>\n<p>\uc704\uc640\uac19\uc740 \ubb38\uc81c\uac00 \uc788\uc5b4\uc11c, \uc544\ub798\uc640 \uac19\uc774 <code>new_role<\/code> \uc774\ub77c\ub294 \uc0c8\ub85c\uc6b4 \ub864\uc744 \ub9cc\ub4e4\uba74 \ub2e4\uc74c\uacfc \uac19\uc740 \ucd5c\uc18c\ud55c\uc758 \uad8c\ud55c\ub4e4\uc774 \uae30\ubcf8\uc801\uc73c\ub85c \ud3ec\ud568\ub418\ub3c4\ub85d \ucc98\ub9ac\ud55c \uac83 \uac19\uc740\ub370 \uae30\ubcf8 \ub864\uc778 <code>Public<\/code> \ub9cc <code>Public = []<\/code> \uc0c1\ud0dc\ub85c \ub0a8\uc544\uc788\ub2e4. <code>Public<\/code> \ub864\uc740 FAB \uc5d0\uc11c \uc77c\ub2e8 \uac00\uc838\uc624\uae34 \ud588\ub294\ub370 Airflow \uc5d0\uc11c\ub294 \uc4f8\ubaa8\uac00 \uc5c6\ub294 \ub4ef.<\/p>\n<p>\ud2b9\uc815 DAG \uc5d0 \ub300\ud574 can read on \uad8c\ud55c\ub9cc \ubd80\uc5ec\ud558\uba74 \ud574\ub2f9 DAG \uc758 \uc791\uc5c5 \uc774\ub825 \ubc0f \ucf54\ub4dc \ub4f1\uc744 \uc870\ud68c\ub9cc \uac00\ub2a5\ud558\uace0 off, delete \ub4f1\uc758 \uc870\uc791\uc744 \ud560 \uc218 \uc5c6\ub2e4. (\uadf8\ub7f0\ub370 \ubc84\ud2bc\uc740 \ud65c\uc131\ud654 \ub3fc \uc788\uace0, \ud574\ub2f9 api \uc811\uadfc\ud558\uba74 access denied \ub77c\uace0 flash \ub41c\ub2e4. on\/off \uc640 \uac19\uc740 \ud1a0\uae00 \ubc84\ud2bc\uc740 flash \uba54\uc2dc\uc9c0 \uc870\ucc28 \ubc1c\uc0dd\ud558\uc9c0 \uc54a\uc544\uc11c \uc124\uc815\uc774 \ub41c\uac74\uc9c0 \ub9cc\uac74\uc9c0 \ud655\uc778\ub3c4 \uc548 \ub428.)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RBAC; Role-Based Access Control \ucc38\uace0: https:\/\/airflow.apache.org\/docs\/stable\/security.html#rbac-ui-security Airflow 1.10.9 \ubc84\uc804 \uc774\ud6c4 Web UI\uac00 Flask-Admin\uc5d0\uc11c Flask-Appbuilder \uae30\ubc18\uc73c\ub85c \ubcc0\uacbd\ub418\uba74\uc11c RBAC\ub97c \ud65c\uc131\ud654\ud560 \uc218 \uc788\ub2e4. \ub2e4\uc74c\uacfc \uac19\uc774 \ub2e4\uc12f\uac1c\uc758 Role \uc774 \uc815\uc758\ub3fc \uc788\uace0 \uc774 \uc678\uc5d0\ub3c4 \ucee4\uc2a4\ud140 \ub864\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\ub2e4. Admin Op User Viewer Public &nbsp; \uac01 Role\ub4e4\uc740 \uc544\ub798\uc640 \uac19\uc740 \ud615\ud0dc\uc758 \uad8c\ud55c\ub4e4\uc758 \uc9d1\ud569\uc778\ub370 \uc138\ubd80 \uad8c\ud55c\ub4e4\uc740 \ub2e4\uc74c\uacfc \uac19\uc740 \ud615\ud0dc\ub85c \uc815\uc758 \ub3fc \uc788\uc5b4\uc11c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[199],"tags":[],"class_list":["post-1546","post","type-post","status-publish","format-standard","hentry","category-airflow"],"_links":{"self":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/comments?post=1546"}],"version-history":[{"count":0,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1546\/revisions"}],"wp:attachment":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/media?parent=1546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/categories?post=1546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/tags?post=1546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}