Add broad-strokes 'security model' (#30843)

Add a broad-strokes description of the security expectations operator should expect. This will get included into https://airflow.apache.org/docs/apache-airflow/stable/administration-and-deployment/security/index.html I'm no Airflow expert so help definitely welcome. I would like this section to be a bit more prominent rather than hidden away under 'Administration and Deployment', but it looks like the structure was carefully considered in #27235 so this is probably fine. Eventually we could point the 'Security' link on the main pages like https://airflow.apache.org/ to this page. (cherry picked from commit f20c08a)
apache · Jun 8, 2023 · bb86b46 · bb86b46
1 parent 9924194
commit bb86b46
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/.github/SECURITY.rst b/.github/SECURITY.rst
@@ -15,6 +15,21 @@
     specific language governing permissions and limitations
     under the License.
 
+Security Model
+--------------
+
+In the Airflow security model, the system administrators are fully trusted.
+They are the only ones who can upload new DAGs, which gives them the ability
+to execute any code on the server.
+
+Authenticated web interface and API users with Admin/Op permissions are trusted,
+but to a lesser extent: they can configure the DAGs which gives them some control,
+but not arbitrary code execution.
+
+Authenticated Web interface and API users with 'regular' permissions are trusted
+to the point where they can impact resource consumption and pause/unpause configured DAGs,
+but not otherwise influence their functionality.
+
 Reporting Vulnerabilities
 -------------------------