Maxime Beauchemin created AIRFLOW-518:
-----------------------------------------
Summary: Require DataProfilingMixin for the Variables CRUD access
Key: AIRFLOW-518
URL: https://issues.apache.org/jira/browse/AIRFLOW-518
Project: Apache Airflow
Issue Type: Improvement
Reporter: Maxime Beauchemin
Many of us use the "Variable" model CRUD (create/update/delete) as a k/v store
to power frameworks that read these values to dynamically generate pipelines.
With the basic "LoginMixin" role (lowest level of access to Airflow) having
access to the Variable CRUD, people could easily alter a Variable to run
arbitrary code on the platform, depending on how variables are use in that
environment.
It's a safer bet to elevate CRUD on Variable to DataProfilingMixin, and make
sure that the lowest level of access cannot interfere with these Variables.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
