1.5 KiB
1.5 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| guides | Web UI | guides-web-ui-securing | Learn how to use ACLs to secure the Web UI |
Securing the Web UI with ACLs
By default, all features—read and write—are available to all users of the Web UI. By using Access Control Lists, it is possible to lock down what users get access to which features.
Browsing the Web UI Without an Access Control Token
When a user browses the Web UI without specifying an access control token, they assume the rules of the anonymous policy. Since Nomad ACLs use a default-deny model, if ACLs are enabled and no anonymous policy is authored, the Web UI will show unauthorized messages on every page other than the settings page.
Setting an Access Control Token
From the ACL Tokens page, which is accessible from the top-right menu, you can set your access control token via the token Secret ID.
This token is saved to local storage and can be manually cleared from the ACL Tokens page.
