ephraimbuddy commented on code in PR #33920:
URL: https://github.com/apache/airflow/pull/33920#discussion_r1310354011
##########
docs/apache-airflow/security/security_model.rst:
##########
@@ -41,9 +41,13 @@ varying access and capabilities:
model.
2. **DAG Authors**: They can upload, modify, and delete DAG files. The
- code in DAG files is executed on workers. Therefore, DAG authors can create
- and change code executed on workers and potentially access the credentials
- that DAG code uses to access external systems. DAG Authors have full access
+ code in DAG files is executed on workers and in DAG File Processor. Note
+ that in the simple deployment configuration parsing DAGs is executed as
+ subprocess of the Scheduler process, but with Standalone DAG File Processor
+ Deployment managers might separate physically parsing from the Scheduler
+ Therefore, DAG authors can create and change code executed on workers
+ and DAG File Processor and potentially access the credentials that the DAG
+ code uses to access external systems. DAG Authors have full access
Review Comment:
```suggestion
code in DAG files is executed on workers and in the DAG File Processor.
Note
that in the simple deployment configuration, parsing DAGs is executed as
a subprocess of the Scheduler process, but with Standalone DAG File
Processor
deployment managers might separate parsing DAGs from the Scheduler
process.
Therefore, DAG authors can create and change code executed on workers
and the DAG File Processor and potentially access the credentials that
the DAG
code uses to access external systems. DAG Authors have full access
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
