--- layout: api page_title: ACL Policies - HTTP API description: The /acl/policy endpoints are used to configure and manage ACL policies. --- # ACL Policies HTTP API The `/acl/policies` and `/acl/policy/` endpoints are used to manage ACL policies. For more details about ACLs, please see the [ACL Guide](/nomad/tutorials/access-control). ## List Policies This endpoint lists all ACL policies. This lists the policies that have been replicated to the region, and may lag behind the authoritative region. | Method | Path | Produces | | ------ | --------------- | ------------------ | | `GET` | `/acl/policies` | `application/json` | The table below shows this endpoint's support for [blocking queries](/nomad/api-docs#blocking-queries), [consistency modes](/nomad/api-docs#consistency-modes) and [required ACLs](/nomad/api-docs#acls). | Blocking Queries | Consistency Modes | ACL Required | | ---------------- | ----------------- | -------------------------------------------------------------------------------------------------------------------------------- | | `YES` | `all` | `management` for all policies.
Output when given a non-management token will be limited to the policies on the token itself | ### Parameters - `prefix` `(string: "")` - Specifies a string to filter ACL policies based on a name prefix. This is specified as a query string parameter. ### Sample Request ```shell-session $ curl \ https://localhost:4646/v1/acl/policies ``` ```shell-session $ curl \ https://localhost:4646/v1/acl/policies?prefix=prod ``` ### Sample Response ```json [ { "Name": "foo", "Description": "", "CreateIndex": 12, "ModifyIndex": 13 } ] ``` ## Create or Update Policy This endpoint creates or updates an ACL Policy. This request is always forwarded to the authoritative region. | Method | Path | Produces | | ------ | -------------------------- | -------------- | | `POST` | `/acl/policy/:policy_name` | `(empty body)` | The table below shows this endpoint's support for [blocking queries](/nomad/api-docs#blocking-queries) and [required ACLs](/nomad/api-docs#acls). | Blocking Queries | ACL Required | | ---------------- | ------------ | | `NO` | `management` | ### Parameters - `Name` `(string: )` - Specifies the name of the policy. Creates the policy if the name does not exist, otherwise updates the existing policy. - `Description` `(string: )` - Specifies a human readable description. - `Rules` `(string: )` - Specifies the Policy rules in HCL or JSON format. - `JobACL` `(JobACL: )` - Associates the policy with a given namespace, job, group, or task. Refer to [Workload Associated ACL Policies][concepts_workload_identity_acl] for more information. - `Namespace` `(string: )` - The namespace to attach the policy. Required if `JobID` is set. - `JobID` `(string: )` - The job to attach to the policy. Required if `Group` is set. - `Group` `(string: )` - The group to attach to the policy. Required if `Task` is set. - `Task` `(string: )` - The task to attach to the policy. ### Sample Payload ```json { "Name": "my-policy", "Description": "This is a great policy", "Rules": "", "JobACL": { "Namespace": "default", "JobID": "example" } } ``` ### Sample Request ```shell-session $ curl \ --request POST \ --data @payload.json \ https://localhost:4646/v1/acl/policy/my-policy ``` ## Read Policy This endpoint reads an ACL policy with the given name. This queries the policy that have been replicated to the region, and may lag behind the authoritative region. | Method | Path | Produces | | ------ | -------------------------- | ------------------ | | `GET` | `/acl/policy/:policy_name` | `application/json` | The table below shows this endpoint's support for [blocking queries](/nomad/api-docs#blocking-queries), [consistency modes](/nomad/api-docs#consistency-modes) and [required ACLs](/nomad/api-docs#acls). | Blocking Queries | Consistency Modes | ACL Required | | ---------------- | ----------------- | ------------------------------------------- | | `YES` | `all` | `management` or token with access to policy | ### Sample Request ```shell-session $ curl \ https://localhost:4646/v1/acl/policy/foo ``` ### Sample Response ```json { "Name": "foo", "Rules": "", "Description": "", "CreateIndex": 12, "ModifyIndex": 13 } ``` ## Delete Policy This endpoint deletes the named ACL policy. This request is always forwarded to the authoritative region. | Method | Path | Produces | | -------- | -------------------------- | -------------- | | `DELETE` | `/acl/policy/:policy_name` | `(empty body)` | The table below shows this endpoint's support for [blocking queries](/nomad/api-docs#blocking-queries) and [required ACLs](/nomad/api-docs#acls). | Blocking Queries | ACL Required | | ---------------- | ------------ | | `NO` | `management` | ### Parameters - `policy_name` `(string: )` - Specifies the policy name to delete. ### Sample Request ```shell-session $ curl \ --request DELETE \ https://localhost:4646/v1/acl/policy/foo ``` [concepts_workload_identity_acl]: /nomad/docs/concepts/workload-identity#workload-associated-acl-policies