jedcunningham commented on code in PR #37984: URL: https://github.com/apache/airflow/pull/37984#discussion_r1516930616
########## docs/apache-airflow/security/security_model.rst: ########## @@ -61,15 +61,15 @@ model. DAG Authors ........... -They can upload, modify, and delete DAG files. The +They can create, modify, and delete DAG files. The code in DAG files is executed on workers and in the DAG File Processor. Note that in the simple deployment configuration, parsing DAGs is executed as a subprocess of the Scheduler process, but with Standalone DAG File Processor deployment managers might separate parsing DAGs from the Scheduler process. Therefore, DAG authors can create and change code executed on workers and the DAG File Processor and potentially access the credentials that the DAG code uses to access external systems. DAG Authors have full access -to the metadata database and internal audit logs. Review Comment: I'm hesitant to start enumerating everything you can do with db access - audit logs is just 1 thing. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
