jedcunningham commented on code in PR #33021:
URL: https://github.com/apache/airflow/pull/33021#discussion_r1291858300
##########
docs/apache-airflow/security/security_model.rst:
##########
@@ -81,17 +82,14 @@ what roles have been configured by the Deployment Manager
or Admin users as well
create a Webserver Denial of Service situation and should be trusted
not to misuse this capability.
-3. **Operations users**: They have access to DAG execution status via
- the UI. Currently, Airflow lacks full protection for accessing groups
- of DAGs' history and execution. They can perform actions such as
- clearing, re-running, triggering DAGs, and changing parameters.
- Depending on access restrictions, they may also have access to
- editing variables and viewing Airflow configuration. They should not
- have access to sensitive system-level information or connections, and
- they should not be able to access sensitive task information unless
- deliberately exposed in logs by DAG authors. They should be trusted
- not to abuse their privileges, as they can potentially overload the
- server and cause Denial of Service situations.
+3. **Operations users**: The primary difference between an operator and admin
Review Comment:
Yeah, I like it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
