apache · jscheffl · May 20, 2026 · May 11, 2026 · May 19, 2026 · May 19, 2026
@@ -108,9 +108,12 @@ run on the central Airflow instance:
 To kick off a worker, you need to setup Airflow and kick off the worker
 subcommand.
 
-If your Airflow deployment uses Multi-Team mode, assign the worker to its team with
-the ``--team-name`` option so it only picks up jobs for that team. See
-:ref:`edge_executor:multi_team` for setup details and security considerations.
+If your Airflow deployment uses the experimental Multi-Team mode, assign the worker
+to its team with the ``--team-name`` option so it only picks up jobs for that team.
+The flag is a UI/REST API-level hint — the Execution API does not currently enforce
+team-based access boundaries. See :ref:`edge_executor:multi_team` for setup details
+and :doc:`apache-airflow:security/workload` (section "No team-level isolation in
+Execution API") for the security boundary.
 
 .. code-block:: bash
 

@@ -89,10 +89,19 @@ each worker only picks up jobs assigned to its team.
 
     airflow edge worker --team-name team_a -q queue1,queue2
 
-When ``--team-name`` is omitted, the worker operates without team isolation — the
+When ``--team-name`` is omitted, the worker operates as a default-team worker — the
 same behavior as a single-team deployment. Existing workers continue to work without
 any changes.
 
+.. note::
+
+    ``--team-name`` is an experimental UI/REST API-level hint. The Execution API
+    does not currently enforce team-based access boundaries — workloads from
+    different teams share the same Execution API, JWT signing keys, and access to
+    connections, variables, and XComs. See
+    :doc:`apache-airflow:security/workload` (section "No team-level isolation in
+    Execution API") for the full security boundary discussion.
+
 **Per-team configuration overrides:**
 
 Each team's EdgeExecutor can have its own settings. Use environment variables with

@@ -40,7 +40,13 @@
         "-t",
         "--team-name",
     ),
-    help="Team name for multi-team setups. If not provided, worker operates without team isolation.",
+    help=(
+        "Team name for the experimental ``[core] multi_team`` feature. This is a "
+        "UI/REST API-level hint; the Execution API does not currently enforce "
+        "team-based access boundaries (see ``airflow-core/docs/security/workload.rst``, "
+        "section 'No team-level isolation in Execution API'). If omitted, the worker "
+        "operates as a default-team worker."
+    ),
 )
 ARG_EDGE_HOSTNAME = Arg(
     ("-H", "--edge-hostname"),

@@ -125,7 +125,14 @@ class WorkerQueuesBase(BaseModel):
         str | None,
         Field(
             None,
-            description="Team name for multi-team setups. If not provided, worker operates without team isolation.",
+            description=(
+                "Team name for the experimental ``[core] multi_team`` feature. "
+                "This is a UI/REST API-level hint; the Execution API does not "
+                "currently enforce team-based access boundaries -- see "
+                "``airflow-core/docs/security/workload.rst`` (section: "
+                "'No team-level isolation in Execution API'). Workers without "
+                "team_name behave as default-team workers."
+            ),
         ),
     ] = None
 

@@ -1321,8 +1321,11 @@ components:
           - type: string
           - type: 'null'
           title: Team Name
-          description: Team name for multi-team setups. If not provided, worker operates
-            without team isolation.
+          description: 'Team name for the experimental ``[core] multi_team`` feature.
+            This is a UI/REST API-level hint; the Execution API does not currently
+            enforce team-based access boundaries -- see ``airflow-core/docs/security/workload.rst``
+            (section: ''No team-level isolation in Execution API''). Workers without
+            team_name behave as default-team workers.'
         state:
           $ref: '#/components/schemas/EdgeWorkerState'
           description: State of the worker from the view of the worker.
@@ -1435,8 +1438,11 @@ components:
           - type: string
           - type: 'null'
           title: Team Name
-          description: Team name for multi-team setups. If not provided, worker operates
-            without team isolation.
+          description: 'Team name for the experimental ``[core] multi_team`` feature.
+            This is a UI/REST API-level hint; the Execution API does not currently
+            enforce team-based access boundaries -- see ``airflow-core/docs/security/workload.rst``
+            (section: ''No team-level isolation in Execution API''). Workers without
+            team_name behave as default-team workers.'
         free_concurrency:
           type: integer
           title: Free Concurrency
@@ -1523,8 +1529,11 @@ components:
           - type: string
           - type: 'null'
           title: Team Name
-          description: Team name for multi-team setups. If not provided, worker operates
-            without team isolation.
+          description: 'Team name for the experimental ``[core] multi_team`` feature.
+            This is a UI/REST API-level hint; the Execution API does not currently
+            enforce team-based access boundaries -- see ``airflow-core/docs/security/workload.rst``
+            (section: ''No team-level isolation in Execution API''). Workers without
+            team_name behave as default-team workers.'
         state:
           $ref: '#/components/schemas/EdgeWorkerState'
           description: State of the worker from the view of the worker.