open-consul/website/pages/docs/commands/intention/check.mdx

---
layout: docs
page_title: 'Commands: Intention Check'
sidebar_title: 'check'
sidebar_current: docs-commands-intention-check
---

# Consul Intention Check

Command: `consul intention check`

The `intention check` command checks whether a connection attempt between
two services would be authorized given the current set of intentions and
Consul configuration.

This command requires less ACL permissions than other intention-related
tasks because no information about the intention is revealed. Therefore,
callers only need to have `service:read` access for the destination. Richer
commands like [match](/docs/commands/intention/match) require full
intention read permissions and don't evaluate the result.

## Usage

Usage: `consul intention check [options] SRC DST`

#### API Options

@include 'http_api_options_client.mdx'

## Examples

```text
$ consul intention check web db
Denied

$ consul intention check web billing
Allowed
```
Starting Docs (#46) * website: first stab at Connect docs * website: lots more various stuff (bad commit messages) * website: getting started page for Connect * website: intentions * website: intention APIs * website: agent API docs * website: document agent/catalog proxy kind service values * website: /v1/catalog/connect/:service * website: intention CLI docs * website: custom proxy docs * website: remove dedicated getting started guide * website: add docs for CA API endpoints * website: add docs for connect ca commands * website: add proxy CLI docs * website: clean up proxy command, add dev docs * website: todo pages * website: connect security 2018-05-29 21:07:40 +00:00			`---`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`layout: docs`
			`page_title: 'Commands: Intention Check'`
docs rendering 2020-04-07 23:56:08 +00:00			`sidebar_title: 'check'`
intro and api navigation converted 2020-04-07 18:55:19 +00:00			`sidebar_current: docs-commands-intention-check`
Starting Docs (#46) * website: first stab at Connect docs * website: lots more various stuff (bad commit messages) * website: getting started page for Connect * website: intentions * website: intention APIs * website: agent API docs * website: document agent/catalog proxy kind service values * website: /v1/catalog/connect/:service * website: intention CLI docs * website: custom proxy docs * website: remove dedicated getting started guide * website: add docs for CA API endpoints * website: add docs for connect ca commands * website: add proxy CLI docs * website: clean up proxy command, add dev docs * website: todo pages * website: connect security 2018-05-29 21:07:40 +00:00			`---`

			`# Consul Intention Check`

			Command: `consul intention check`

			The `intention check` command checks whether a connection attempt between
			`two services would be authorized given the current set of intentions and`
			`Consul configuration.`

			`This command requires less ACL permissions than other intention-related`
			`tasks because no information about the intention is revealed. Therefore,`
			callers only need to have `service:read` access for the destination. Richer
replace internal .html link extensions 2020-04-09 23:46:54 +00:00			`commands like [match](/docs/commands/intention/match) require full`
Starting Docs (#46) * website: first stab at Connect docs * website: lots more various stuff (bad commit messages) * website: getting started page for Connect * website: intentions * website: intention APIs * website: agent API docs * website: document agent/catalog proxy kind service values * website: /v1/catalog/connect/:service * website: intention CLI docs * website: custom proxy docs * website: remove dedicated getting started guide * website: add docs for CA API endpoints * website: add docs for connect ca commands * website: add proxy CLI docs * website: clean up proxy command, add dev docs * website: todo pages * website: connect security 2018-05-29 21:07:40 +00:00			`intention read permissions and don't evaluate the result.`

			`## Usage`

			Usage: `consul intention check [options] SRC DST`

			`#### API Options`

intro and api navigation converted 2020-04-07 18:55:19 +00:00			`@include 'http_api_options_client.mdx'`
Starting Docs (#46) * website: first stab at Connect docs * website: lots more various stuff (bad commit messages) * website: getting started page for Connect * website: intentions * website: intention APIs * website: agent API docs * website: document agent/catalog proxy kind service values * website: /v1/catalog/connect/:service * website: intention CLI docs * website: custom proxy docs * website: remove dedicated getting started guide * website: add docs for CA API endpoints * website: add docs for connect ca commands * website: add proxy CLI docs * website: clean up proxy command, add dev docs * website: todo pages * website: connect security 2018-05-29 21:07:40 +00:00
			`## Examples`

			```text
			`$ consul intention check web db`
			`Denied`

			`$ consul intention check web billing`
			`Allowed`
			```