From bb86b468ae9396ece41f105db6104ee9282b4ed1 Mon Sep 17 00:00:00 2001 From: Arnout Engelen Date: Tue, 25 Apr 2023 13:23:53 +0200 Subject: [PATCH] Add broad-strokes 'security model' (#30843) Add a broad-strokes description of the security expectations operator should expect. This will get included into https://airflow.apache.org/docs/apache-airflow/stable/administration-and-deployment/security/index.html I'm no Airflow expert so help definitely welcome. I would like this section to be a bit more prominent rather than hidden away under 'Administration and Deployment', but it looks like the structure was carefully considered in https://github.com/apache/airflow/pull/27235 so this is probably fine. Eventually we could point the 'Security' link on the main pages like https://airflow.apache.org/ to this page. (cherry picked from commit f20c08a77c9daefe54c14c5013fcf53d84b5744d) --- .github/SECURITY.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/SECURITY.rst b/.github/SECURITY.rst index c56dad283e54d..e7f5a40366db2 100644 --- a/.github/SECURITY.rst +++ b/.github/SECURITY.rst @@ -15,6 +15,21 @@ specific language governing permissions and limitations under the License. +Security Model +-------------- + +In the Airflow security model, the system administrators are fully trusted. +They are the only ones who can upload new DAGs, which gives them the ability +to execute any code on the server. + +Authenticated web interface and API users with Admin/Op permissions are trusted, +but to a lesser extent: they can configure the DAGs which gives them some control, +but not arbitrary code execution. + +Authenticated Web interface and API users with 'regular' permissions are trusted +to the point where they can impact resource consumption and pause/unpause configured DAGs, +but not otherwise influence their functionality. + Reporting Vulnerabilities -------------------------
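Review bot: in the second added paragraph, "Admin/Op permissions" sits right after a paragraph about "system administrators", and the text never says these are different populations, so a reader can easily conclude that the web UI Admin role is "fully trusted" and can upload DAGs. I would state explicitly that "system administrators" means whoever controls the deployment and the DAG files, as distinct from the web interface/API Admin role. In the same paragraph, "they can configure the DAGs which gives them some control, but not arbitrary code execution" is the sentence that security reports will be judged against, yet "configure" and "some control" are not defined; listing what these users can change would make the boundary testable. The third paragraph has the same problem with 'regular' permissions: naming the roles it covers would remove the guesswork. Minor style points: "Web interface" in the third paragraph is capitalized differently from "web interface" in the second, and "the DAGs which gives" needs a comma before "which".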