19913d85-f662-4518-a9a1-7adc1793dfd4.png){kind=small}
Channels
announcements
dagster-airbyte
dagster-airflow
dagster-bigquery
dagster-cloud
dagster-cube
dagster-dask
dagster-dbt
dagster-de
dagster-ecs
dagster-feedback
dagster-kubernetes
dagster-machine-learning
dagster-noteable
dagster-releases
dagster-serverless
dagster-showcase
dagster-snowflake
dagster-spatial
dagster-support
dagster-wandb
dagstereo
data-platform-design
events
faq-read-me-before-posting
gigs-freelance
github-discussions
introductions
jobs
random
tools
豆瓣酱帮
Title
m
Mohit.ASingh
10/22/2021, 6:46 AMHey everyone...
is they any way to define an
access control:dagster-bot-resolve-to-issue: 1
v
Viktor Voronin
10/22/2021, 9:55 AMNo but watch this issue for updates https://github.com/dagster-io/dagster/issues/2219.
Recommended way as of now is to put a proxy with OAuth in front of Dagit.
m
Mohit.ASingh
10/22/2021, 10:10 AMthanks can you share any doc if have.
v
Viktor Voronin
10/22/2021, 10:14 AMThe exact implementation of the setup is contextual and varies a lot.
Here is a proxy, for example. https://github.com/oauth2-proxy/oauth2-proxy
https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png▾
How one implements the arrows depends on the deployment and IaaS.
m
Mohit.ASingh
10/22/2021, 10:15 AMSure thanks @Viktor Voronin i will check..
👊 1
j
johann
10/22/2021, 2:25 PMAlso note https://github.com/dagster-io/dagster/issues/2219#issuecomment-870784871
A lot of cases can be handled by having two dagits deployed, protected by an auth proxy like described above
m
Mohit.ASingh
10/22/2021, 2:32 PM@johann
if i am not wrong what you are saying is spin up one more instance of dagit with
enableReadOnly: truej
johann
10/22/2021, 2:34 PMYou would have one dagit (or set of replicas) with --read-only, and one set without. Then you use separate proxies to control who has access to either
m
Mohit.ASingh
10/22/2021, 2:39 PMgot it 👍