From 7fdb2bfaef0a438ad43bc7edae64f4e01261cb4e Mon Sep 17 00:00:00 2001
From: Vincent <97131062+vincbeck@users.noreply.github.com>
Date: Tue, 16 Apr 2024 12:05:02 -0300
Subject: [PATCH] Add examples in AWS auth manager documentation (#39040)

---
 .../auth-manager/manage/index.rst             | 70 ++++++++++++++++++-
 1 file changed, 69 insertions(+), 1 deletion(-)

diff --git a/docs/apache-airflow-providers-amazon/auth-manager/manage/index.rst b/docs/apache-airflow-providers-amazon/auth-manager/manage/index.rst
index 3d75633f50043..0a540b8d32b4a 100644
--- a/docs/apache-airflow-providers-amazon/auth-manager/manage/index.rst
+++ b/docs/apache-airflow-providers-amazon/auth-manager/manage/index.rst
@@ -134,6 +134,8 @@ Give all permissions to specific user
 Give all permissions to a group of users
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+This is equivalent to the :doc:`Admin role in Flask AppBuilder <apache-airflow-providers-fab:auth-manager/access-control>`.
+
  ::
 
   permit(
@@ -148,6 +150,8 @@ Give all permissions to a group of users
 Give read-only permissions to a group of users
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+This is equivalent to the :doc:`Viewer role in Flask AppBuilder <apache-airflow-providers-fab:auth-manager/access-control>`.
+
  ::
 
   permit(
@@ -156,7 +160,6 @@ Give read-only permissions to a group of users
       Airflow::Action::"Configuration.GET",
       Airflow::Action::"Connection.GET",
       Airflow::Action::"Custom.GET",
-      Airflow::Action::"Dag.PUT",
       Airflow::Action::"Dag.GET",
       Airflow::Action::"Menu.MENU",
       Airflow::Action::"Pool.GET",
@@ -167,6 +170,71 @@ Give read-only permissions to a group of users
     resource
   );
 
+Give standard Airflow user permissions to a group of users
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is equivalent to the :doc:`User role in Flask AppBuilder <apache-airflow-providers-fab:auth-manager/access-control>`.
+
+ ::
+
+  permit(
+    principal in Airflow::Group::"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+    action in [
+      Airflow::Action::"Configuration.GET",
+      Airflow::Action::"Connection.GET",
+      Airflow::Action::"Custom.GET",
+      Airflow::Action::"Dag.GET",
+      Airflow::Action::"Menu.MENU",
+      Airflow::Action::"Pool.GET",
+      Airflow::Action::"Variable.GET",
+      Airflow::Action::"Dataset.GET",
+      Airflow::Action::"View.GET",
+      Airflow::Action::"Dag.POST",
+      Airflow::Action::"Dag.PUT",
+      Airflow::Action::"Dag.DELETE",
+    ],
+    resource
+  );
+
+Give operational permissions to a group of users
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is equivalent to the :doc:`Op role in Flask AppBuilder <apache-airflow-providers-fab:auth-manager/access-control>`.
+
+ ::
+
+  permit(
+    principal in Airflow::Group::"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+    action in [
+      Airflow::Action::"Configuration.GET",
+      Airflow::Action::"Connection.GET",
+      Airflow::Action::"Custom.GET",
+      Airflow::Action::"Dag.GET",
+      Airflow::Action::"Menu.MENU",
+      Airflow::Action::"Pool.GET",
+      Airflow::Action::"Variable.GET",
+      Airflow::Action::"Dataset.GET",
+      Airflow::Action::"View.GET",
+      Airflow::Action::"Dag.POST",
+      Airflow::Action::"Dag.PUT",
+      Airflow::Action::"Dag.DELETE",
+      Airflow::Action::"Connection.POST",
+      Airflow::Action::"Connection.PUT",
+      Airflow::Action::"Connection.DELETE",
+      Airflow::Action::"Pool.POST",
+      Airflow::Action::"Pool.PUT",
+      Airflow::Action::"Pool.DELETE",
+      Airflow::Action::"Variable.POST",
+      Airflow::Action::"Variable.PUT",
+      Airflow::Action::"Variable.DELETE",
+      Airflow::Action::"Dataset.POST",
+      Airflow::Action::"Dataset.PUT",
+      Airflow::Action::"Dataset.DELETE",
+
+    ],
+    resource
+  );
+
 Give DAG specific permissions to a group of users
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~