Hey everyone is they any way to define an `access control` o dagster #ask-community

Hey everyone... is they any way to define an `acc...

Mohit.ASingh

10/22/2021, 6:46 AM

Hey everyone... is they any way to define an

access control

on dagit ui?

dagster bot resolve to issue 1

Viktor Voronin

10/22/2021, 9:55 AM

No but watch this issue for updates https://github.com/dagster-io/dagster/issues/2219.

Viktor Voronin

10/22/2021, 9:56 AM

Recommended way as of now is to put a proxy with OAuth in front of Dagit.

Mohit.ASingh

10/22/2021, 10:10 AM

thanks can you share any doc if have.

Viktor Voronin

10/22/2021, 10:14 AM

The exact implementation of the setup is contextual and varies a lot.

Viktor Voronin

10/22/2021, 10:14 AM

Here is a proxy, for example. https://github.com/oauth2-proxy/oauth2-proxy

Viktor Voronin

10/22/2021, 10:14 AM

https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png▾

Viktor Voronin

10/22/2021, 10:15 AM

How one implements the arrows depends on the deployment and IaaS.

Mohit.ASingh

10/22/2021, 10:15 AM

Sure thanks @Viktor Voronin i will check..

👊 1

johann

10/22/2021, 2:25 PM

Also note https://github.com/dagster-io/dagster/issues/2219#issuecomment-870784871 A lot of cases can be handled by having two dagits deployed, protected by an auth proxy like described above

Mohit.ASingh

10/22/2021, 2:32 PM

@johann if i am not wrong what you are saying is spin up one more instance of dagit with

enableReadOnly: true

then secure it with auth proxy

johann

10/22/2021, 2:34 PM

You would have one dagit (or set of replicas) with --read-only, and one set without. Then you use separate proxies to control who has access to either

Mohit.ASingh

10/22/2021, 2:39 PM

got it 👍

19 Views

Open in Slack

Previous Next