--- layout: commands page_title: 'Commands: ACL Policy' --- # Consul ACL Policies Command: `consul acl policy` The `acl policy` command is used to manage Consul's ACL policies. It exposes commands for creating, updating, reading, deleting, and listing policies. This command is available in Consul 1.4.0 and newer. ACL policies may also be managed via the [HTTP API](/consul/api-docs/acl/policies). -> **Note:** All of the example subcommands in this document will require a valid Consul token with the appropriate permissions. Either set the `CONSUL_HTTP_TOKEN` environment variable to the token's secret ID or pass the secret ID as the value of the `-token` parameter. ## Usage Usage: `consul acl policy ` For the exact documentation for your Consul version, run `consul acl policy -h` to view the complete list of subcommands. ```text Usage: consul acl policy [options] [args] ... Subcommands: create Create an ACL policy delete Delete an ACL policy list Lists ACL policies read Read an ACL policy update Update an ACL policy ``` For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar. ## Identifying Policies Several of the subcommands need to operate on a specific policy. Those subcommands support specifying the policy by its ID using the `-id` parameter or by name using the `-name` parameter. When specifying the policy by its ID a unique policy ID prefix may be specified instead of the entire UUID. As long as it is unique it will be resolved to the full UUID and used. Additionally builtin policy names will be accepted as the value to the `-id` parameter. Even if the builtin policies are renamed their original name can be used to operate on them. Builtin policies: | Policy UUID | Policy Name | | ------------------------------------ | ----------------- | | 00000000-0000-0000-0000-000000000001 | global-management | ## Basic Examples Create a new ACL policy: ```shell-session $ consul acl policy create -name "new-policy" \ -description "This is an example policy" \ -datacenter "dc1" \ -datacenter "dc2" \ -rules @rules.hcl ``` List all policies: ```shell-session $ consul acl policy list ``` Update a policy: ```shell-session $ consul acl policy update -name "other-policy" -datacenter "dc1" ``` Read a policy: ```shell-session $ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24 ``` Delete a policy ```shell-session $ consul acl policy delete -name "my-policy" ```