mik-laj opened a new issue #10130: URL: https://github.com/apache/airflow/issues/10130
Hello, The documentation does not describe the design assumptions about isolating all components. Many users, after they launch the application and start using it, realize that any DAG file can trigger any query on DB and each component communicates via direct database queries I would be happy if there was a new section in the documentation about it https://airflow.readthedocs.io/en/latest/security.html This section should answer the following questions: * How much individual user isolation can be provided by the webserver configuration? [access control on DAG level, no variable/connection isolation, RBAC, DAG serialization to prevent DAG parsing by the webserver, ] * How much individual DAG isolation can be provided by the worker configuration? [individual tenant identity for Kerberos configured through separate Celery queues] * How much individual DAG isolation can be provided by the scheduler configuration? [doesn't need Kerberos identity access, doesn't need LDAP access] I would also be happy if the most common methods of hardening the configuration were described, e.g. refreshing the Kerberos ticket in a separate container, alternative secrets backend. Best regards, Kamil BreguĊa ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
