33 lines
1.5 KiB
Markdown
33 lines
1.5 KiB
Markdown
---
|
|
layout: "guides"
|
|
page_title: "Web UI"
|
|
sidebar_current: "guides-web-ui-securing"
|
|
description: |-
|
|
Learn how to use ACLs to secure the Web UI
|
|
---
|
|
|
|
# Securing the Web UI with ACLs
|
|
|
|
By default, all features—read and write—are available to all users of the Web UI. By using [Access Control Lists](/guides/security/acl.html), it is possible to lock down what users get access to which features.
|
|
|
|
## Browsing the Web UI Without an Access Control Token
|
|
|
|
When a user browses the Web UI without specifying an access control token, they assume the rules of the [anonymous policy](/guides/security/acl.html#set-an-anonymous-policy-optional-). Since Nomad ACLs use a default-deny model, if ACLs are enabled and no anonymous policy is authored, the Web UI will show unauthorized messages on every page other than the settings page.
|
|
|
|
[![Not authorized to see jobs][img-jobs-list-unauthorized]][img-jobs-list-unauthorized]
|
|
|
|
## Setting an Access Control Token
|
|
|
|
From the ACL Tokens page, which is accessible from the top-right menu, you can set your access control token via the token Secret ID.
|
|
|
|
This token is saved to local storage and can be manually cleared from the ACL Tokens page.
|
|
|
|
[![ACL token page][img-acl-token]][img-acl-token]
|
|
|
|
[![ACL token set][img-acl-token-set]][img-acl-token-set]
|
|
|
|
|
|
[img-jobs-list-unauthorized]: /assets/images/guide-ui-jobs-list-unauthorized.png
|
|
[img-acl-token]: /assets/images/guide-ui-acl-token.png
|
|
[img-acl-token-set]: /assets/images/guide-ui-acl-token-set.png
|