potiuk commented on issue #18643: URL: https://github.com/apache/airflow/issues/18643#issuecomment-932976056
Yep. This is a feature of Airflow (in its current version) RBAC is just a UI not DAG concept and it only prevents the UI users from doing stuff, not the DAG writers. Airflow does not have multi-tenancy yet, and while we are working in this direction, it will not be there for quite some time. Also - thanks for reporting it in general and while it is not a security issue but feature of the project, but in case in the future you have similar issues - PLEASE @rssanders3 DO NOT report issues related to security in public issues. This is non-responsible disclosure and when you raise an issue where you even suspect that there might be a security issue, you should follow the Security Policies which ask you to responsibly disclose it via sending email to [email protected]. Here is our security policy https://github.com/apache/airflow/security/policy and when you open a new issue it's pretty clearly linked to from the issue list:  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
