open-consul/website/source/docs/commands/intention/check.html.md.erb

---
layout: "docs"
page_title: "Commands: Intention Check"
sidebar_current: "docs-commands-intention-check"
---

# Consul Intention Check

Command: `consul intention check`

The `intention check` command checks whether a connection attempt between
two services would be authorized given the current set of intentions and
Consul configuration.

This command requires less ACL permissions than other intention-related
tasks because no information about the intention is revealed. Therefore,
callers only need to have `service:read` access for the destination. Richer
commands like [match](/docs/commands/intention/match.html) require full
intention read permissions and don't evaluate the result.

## Usage

Usage: `consul intention check [options] SRC DST`

#### API Options

<%= partial "docs/commands/http_api_options_client" %>

## Examples

```text
$ consul intention check web db
Denied

$ consul intention check web billing
Allowed
```
Starting Docs (#46) * website: first stab at Connect docs * website: lots more various stuff (bad commit messages) * website: getting started page for Connect * website: intentions * website: intention APIs * website: agent API docs * website: document agent/catalog proxy kind service values * website: /v1/catalog/connect/:service * website: intention CLI docs * website: custom proxy docs * website: remove dedicated getting started guide * website: add docs for CA API endpoints * website: add docs for connect ca commands * website: add proxy CLI docs * website: clean up proxy command, add dev docs * website: todo pages * website: connect security 2018-05-29 21:07:40 +00:00			`---`
			`layout: "docs"`
			`page_title: "Commands: Intention Check"`
			`sidebar_current: "docs-commands-intention-check"`
			`---`

			`# Consul Intention Check`

			Command: `consul intention check`

			The `intention check` command checks whether a connection attempt between
			`two services would be authorized given the current set of intentions and`
			`Consul configuration.`

			`This command requires less ACL permissions than other intention-related`
			`tasks because no information about the intention is revealed. Therefore,`
			callers only need to have `service:read` access for the destination. Richer
			`commands like [match](/docs/commands/intention/match.html) require full`
			`intention read permissions and don't evaluate the result.`

			`## Usage`

			Usage: `consul intention check [options] SRC DST`

			`#### API Options`

			`<%= partial "docs/commands/http_api_options_client" %>`

			`## Examples`

			```text
			`$ consul intention check web db`
			`Denied`

			`$ consul intention check web billing`
			`Allowed`
			```