[airflow] branch main updated: Add broad-strokes 'security model' (#30843)

[ash]

This is an automated email from the ASF dual-hosted git repository.

ash pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new f20c08a77c Add broad-strokes 'security model' (#30843)
f20c08a77c is described below

commit f20c08a77c9daefe54c14c5013fcf53d84b5744d
Author: Arnout Engelen <arn...@engelen.eu>
AuthorDate: Tue Apr 25 13:23:53 2023 +0200

    Add broad-strokes 'security model' (#30843)
    
    Add a broad-strokes description of the security expectations
    operator should expect. This will get included into
    
https://airflow.apache.org/docs/apache-airflow/stable/administration-and-deployment/security/index.html
    
    I'm no Airflow expert so help definitely welcome.
    
    I would like this section to be a bit more prominent rather than hidden away
    under 'Administration and Deployment', but it looks like the structure was
    carefully considered in https://github.com/apache/airflow/pull/27235 so this
    is probably fine.
    
    Eventually we could point the 'Security' link on the main pages
    like https://airflow.apache.org/ to this page.
---
 .github/SECURITY.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/.github/SECURITY.rst b/.github/SECURITY.rst
index b397a45d6a..d4f2863a8c 100644
--- a/.github/SECURITY.rst
+++ b/.github/SECURITY.rst
@@ -15,6 +15,21 @@
     specific language governing permissions and limitations
     under the License.
 
+Security Model
+--------------
+
+In the Airflow security model, the system administrators are fully trusted.
+They are the only ones who can upload new DAGs, which gives them the ability
+to execute any code on the server.
+
+Authenticated web interface and API users with Admin/Op permissions are 
trusted,
+but to a lesser extent: they can configure the DAGs which gives them some 
control,
+but not arbitrary code execution.
+
+Authenticated Web interface and API users with 'regular' permissions are 
trusted
+to the point where they can impact resource consumption and pause/unpause 
configured DAGs,
+but not otherwise influence their functionality.
+
 Reporting Vulnerabilities
 -------------------------