Update doc to reflect the changes for DAG-Level access control (apache#12928)

In 2.0 and master branch, there are permission & view name changes for DAG-level access control.

- Permission: "can_dag_read"/"can_dag_edit" -> "can_read"/"can_edit"
- View: "all_dags" -> "DAGs"

These were missed to be reflected in the doc, and this PR addresses it.
XD-DENG authored Dec 8, 2020
1 parent abce78c commit 3da939b
Showing 2 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion UPGRADING_TO_2.0.md
Expand Up @@ -303,7 +303,7 @@ in a case insensitive mode. This is being changed to better support the new `@da

The DAG-level permission actions, `can_dag_read` and `can_dag_edit` are going away. They are being replaced with `can_read` and `can_edit`. When a role is given DAG-level access, the resource name (or "view menu", in Flask App-Builder parlance) will now be prefixed with `DAG:`. So the action `can_dag_read` on `example_dag_id`, is now represented as `can_read` on `DAG:example_dag_id`.

*As part of running `db upgrade`, existing permissions will be migrated for you.*
*As part of running `airflow db upgrade`, existing permissions will be migrated for you.*

When DAGs are initialized with the `access_control` variable set, any usage of the old permission names will automatically be updated in the database, so this won't be a breaking change. A DeprecationWarning will be raised.
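
Review bot: The migration note in this hunk covers only the action rename (`can_dag_read`/`can_dag_edit` to `can_read`/`can_edit`) and the `DAG:` resource prefix; it does not mention that the `all_dags` view becomes `DAGs`, which the commit message lists and the access-control.rst change in this commit documents. Anyone upgrading with custom roles bound to `all_dags` would look for that in this section, so add a sentence stating the view rename and whether `airflow db upgrade` migrates those role bindings as well.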

5 changes: 3 additions & 2 deletions docs/apache-airflow/security/access-control.rst
Expand Up @@ -91,8 +91,9 @@ Custom Roles
DAG Level Role
^^^^^^^^^^^^^^
``Admin`` can create a set of roles which are only allowed to view a certain set of dags. This is called DAG level access. Each dag defined in the dag model table
is treated as a ``View`` which has two permissions associated with it (``can_dag_read`` and ``can_dag_edit``). There is a special view called ``all_dags`` which
allows the role to access all the dags. The default ``Admin``, ``Viewer``, ``User``, ``Op`` roles can all access ``all_dags`` view.
is treated as a ``View`` which has two permissions associated with it (``can_read`` and ``can_edit``. ``can_dag_read`` and ``can_dag_edit`` are deprecated since 2.0.0).
There is a special view called ``DAGs`` (it was called ``all_dags`` in versions 1.10.*) which
allows the role to access all the dags. The default ``Admin``, ``Viewer``, ``User``, ``Op`` roles can all access ``DAGs`` view.

.. image:: /img/add-role.png
.. image:: /img/new-role.png
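
Review bot: The rewritten sentence still describes each dag as a ``View`` with ``can_read`` and ``can_edit`` but never says the resource name now carries the `DAG:` prefix, which UPGRADING_TO_2.0.md in this same commit states (`can_read` on `DAG:example_dag_id`). An admin building a DAG-level role from this page needs that name to grant the intended permission, so mention the prefix here. Separately, the parenthetical opens before ``can_read`` and closes after the deprecation sentence, leaving a full stop inside the parentheses; close it after ``can_edit`` and make the deprecation note its own sentence.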