How to Create/Edit a Group

Navigate to the groups page in the admin menu

Each group consist of three main components:

• Name
• Description (to help identify what each group permits and restricts)
• A list of Permissions, which consist of single read and write authorizations, to help granulate the user experience as much as possible.

Apart from these main fields, you can optionally map the group to a comma-separated list of Active Directory groups, as well as Filter the available permissions to enable/disable them with ease.

In terms of specific application permissions, i.e. Airflow and Superset, you can use both general and specific scopes:

• To work permissions at global level (the entire application), you can give read or write permissions to it's entire scope:

  

  • Giving an application scope write access, gives the group the entire set of the application's permissions, and with it also to it's resources.
  • Giving an application scope read access, sets the group as viewer (read-only)

• To give permissions to certain resources of an application, you can toggle write access on only those of interest, leaving the general scope (for example, Workbench>Airflow) unmarked.

  

  Some of the specific component permissions include:

  • Airflow > Admin: access to Airflow's Admin menu (connections, variables, etc)
  • Airflow > Security: access to Airflow's Security menu (users and roles administration)
  • Airflow > Dags: running DAGs and jobs
  • Superset > Data-Sources: Superset data sources administration
  • Superset > Security: access to Superset's Security menu (users, roles, permissions, etc.)