I am currently looking into airflow to allow a set of users to define & run some basic processes. However I would like to restrict the types of Tasks that those users are allowed to run. For example I do not want them to be able to use the BashOperator.
I have seen the access control documentation, but it appears to only show access permissions for Task Instances that have executed in a DAG. Does anyone know how I can implement this?
https://airflow.apache.org/docs/apache-airflow/stable/security/access-control.html
There's no way to limit operators to selected user roles at the moment, but you can limit operators for all users using a task policy: https://airflow.apache.org/docs/apache-airflow/stable/concepts/cluster-policies.html?highlight=cluster%20policy#task-policies:
def task_policy(task: BaseOperator):
if task.task_type == 'BashOperator':
raise AirflowClusterPolicyViolation("BashOperator not permitted")