Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
'Access is Denied' errors are for the previous page
See original GitHub issueApache Airflow version: 1.10.12
Environment:
- Cloud provider or hardware configuration: Google Cloud Composer (tweaked environment running Airflow RBAC UI)
What happened:
In Airflow RBAC UI, when switching between pages, ‘Access is Denied’ error message actually indicates missing permissions on the previously visited page.
I understand the basic scenario for which this behavior has been designed:
- I try to go to a page to which I don’t have access, I am redirected to the home page, which shows ‘Access is Denied’, so I conclude that I don’t have access to the page that I tried to open.
But the interactions which end up in showing ‘Access is Denied’ are not always that simple, and this is where it gets confusing to show the message on a different page than the one to which the user had no access:
- When I’m an Admin and go to List Users, click Edit record on my user, change my role from Admin to Viewer, click Save, I am redirected to the home page, which shows a green ‘Changed Row’ message and a red ‘Access is Denied’.
- This is a confusing signal. Did the role assignment succeed or not? Which access was denied if I didn’t try to open any page? (I know the messages come from successful user record update and unsuccessful load of List Users page to which I’m redirected after clicking Save - but not every user may realize this.)
-
When I don’t have
can varimport on VariableModelViewpermission and go to Variables page, choose a file, click Import Variables, I am redirected to the home page, which shows ‘Access is Denied’.- How do I know which permissions I was missing? I might think that I didn’t have permission to the file, which is not the case.
-
In Airflow 1.10.10 we’ve also observed a situation in which removing some permissions (from the current user’s role) required for asynchronous work on the homepage, loading the homepage, and going to an unrelated page (like List Roles) resulted in showing a completely unexpected ‘Access is Denied’ message in that unrelated page.
- This was the most confusing behavior but I’m not able to reproduce it in Airflow 1.10.12. Here, the asynchronous work on one page resulted in accumulating ‘Access is Denied’ message in the background, and showing it on the next page visited, no matter what the next page was.
I guess this behavior may be built deeply into Flask-AppBuilder and hard to change. But it’s still a UX concern for Airflow.
What you expected to happen:
‘Access is Denied’ error should clearly indicate which page or its fragment it refers to.
How to reproduce it:
Follow the setup and steps described in ‘What happened’ section.
Issue Analytics
- State:
- Created 3 years ago
- Comments:9 (6 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Probably easier. If we weren’t doing a rewrite I have idea how we could do it, but it would involve a large replacement to the
flash()guts and FABs permission handling that seems not worth it right nowI am too getting access is denied error after login. I am not even able to logout. It throws the same “access denied” issue on the homepage. https://stackoverflow.com/questions/69107102/not-able-to-logout-of-airflow-2-1-1-after-integrating-with-keycloakoauth2