git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Connection Management in Multi-tenancy Scenario


Hi folks,

Thinking of a scenario: I may have multiple users in the same Airflow
instance. I can use filter_by_owner feature so that each user can only see
their own DAGs. But what if their DAGs are using different data sources,
say owner A is using mysql_conn_a, and owner B is using mysql_conn_b, and
we don't want to allow them to access each other's database?

Seems like all DAG (no matter who is the owner) can access all defined
connections? or have I missed something?

If my suspicion is making sense, I think it would be necessary to have
values "*if_protect*" and "*owner*" for each connection. When "if_protect"
== True, only DAGs whose owner == "owner" would be able to use this
connection. I would like to take this up to prepare a PR.

Thanks.

XD