potiuk commented on PR #36035:
URL: https://github.com/apache/airflow/pull/36035#issuecomment-1838243276

   Ok. I added a few more touches and the "DAG file processor" case is now much 
nicer and cleaner, and shows what I wanted to show - separation between the part 
where DAG files are actually parsed and executed and when they are not.
   
   In this case also separation between the Users is much more apparent - 
showing that the UI user has no influence on Arbitrary DAG code execution while 
the DAG author does not.
   
   For me this is really the first stepping stone/diagram that we will explain in 
the future for multi-tenancy architecture (which will mostly be showing how you 
can build Airflow from its building blocks in order to achieve multi-tenant 
architecture if you really want).
   
   So I think it's worth gradually introducing this architecture (and linking to 
the architecture from our Security Model, which describes the details about 
those different types of users and their capabilities). I've also added links 
between the architecture and security model involved, as I think this is a 
great way to educate the users on security implications of the architecture 
they chose.
   
   WDYT @BasPH ? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
