Rafael, I think the key component here is your CI/CD pipeline and PR standards. I limit who can approve PRs, who can approve a release (not always the same people), and require vulnerability scanning on all containers and the DAGs within those containers before a PR and release to prod are approved.
Cheers, Jason > On May 21, 2022, at 9:50 AM, Rafal Biegacz <[email protected]> > wrote: > > > Hi Airflow Community, > > Airflow Access Control is a very useful mechanism that helps to separate > groups of users and individual users from each other. It provides Airflow > Admins a means to define different levels of permissions for different users > in Airflow UI. > > On the other hand, it seems that, if no additional prevention mechanisms are > taken, a malicious user can deploy a DAG that messes with roles and users' > assignments to specific roles (as a DAG has read-write access to Airflow DB). > > For example, many of us, introduce CI/CD processes and require > users/developers to commit DAGs into source code repositories where DAGs go > thru code review process where such attempts can be prevented/spotted and > users are not allowed to manually deploy their DAGs into Airflow > environments. > > It would be great to hear from you what other mechanisms you put in place to > protect against this vector of abuse/attack. > > Regards, Rafal. >
