Hi! I'm evaluating dagster and one of the things we're looking for is auditability. It doesn't appear that dagit supports authentication/authorization, so there's no way of telling who did what. I see a couple of open github issues related to this, but those haven't been triaged yet. We don't necessarily need full RBAC right away, but we need some form of audit trail with pipeline-level granularity. We could use a proxy to limit access to dagit as suggested by others in this channel, but I don't think that will give us the granularity we need for auditing the actions users take. Are there any suggested workarounds until auth is built into dagit?
04/13/2021, 6:37 AM
hi @Seth Miller 👋 thanks for the question! one workaround that we’re exploring with a design partner is a slightly-modified run launcher that grabs user info and adds it to each pipeline run (likely via tags) so that there is a record of which user launched which manual run. we’re aiming for an eta of this release cycle. would love to hop on a call and better understand your use case: https://calendly.com/catherinewu/30min?month=2021-04
04/13/2021, 4:07 PM
Hi @cat! That sounds interesting. I think it could work for us. Hopping on a call would be great, thanks!
04/13/2021, 4:27 PM
Awesome, looking forward to talking!
04/14/2021, 1:41 AM
@cat On the same context, is there any work-around right now to enable dagit read only access to all the users except certain admin users?
04/14/2021, 4:46 AM
hey @Arun Kumar! also happy to chat and better understand your use case. we’re still evaluating whether some form of rbac will exist in the oss product, so would love to get your thoughts
04/15/2021, 1:12 AM
We have a simple use case where we just want to allow all the users to monitor the progress of a pipeline themselves through dagit, but they should not be able to run the pipelines. Let me know if you want to schedule a call to discuss more.