5 unique users in ACL policy

par · January 27, 2022, 8:50pm

We’re looking into using tailscale for giving users access to our company network. I’m tasked with looking at the different plans. I’m not sure how ACLs are used yet, so the line:

5 unique users in ACL policy

is a bit confusing for me.

Regarding network access, our company basically consists of 3 groups: 2 admins, about 10-15 superusers and the normal users. The total company size is about 50.

The admins should have access to all servers, the superusers only to a couple, and the normal users only to the file server and the domain controllers.

So the question is, is this configurable via ACLs? And do I run into the limit of 5 unique users if I only want 3 groups? Or does every group member count as a separate user?

DGentry · January 29, 2022, 5:25am

One might structure the ACLs so that "Users": ["*"] has access to the file server and domain controllers. So normal users don’t need to be uniquely listed in the ACL policy.

Setting up 15 superusers and 2 admins would be 17 named users in ACLs.

v3q5 · March 5, 2022, 12:39pm

@DGentry @par A late addition: It seems that all internal users count toward the ACL user limit. External users do not.

This confused me a lot, as I couldn’t figure out what number tailscale was counting.

Topic		Replies	Views
Unique users in ACL ACL (Access Control Lists)	2	641	December 21, 2022
Help Creating ACLs/Policy File ACL (Access Control Lists)	0	786	September 26, 2022
Remote Management Policy	1	396	December 13, 2022
Questions about ACLs ACL (Access Control Lists)	1	1383	October 15, 2020
Beta features! ACL tags, subnet ACLs, and pre-auth keys Tailscale About articles (troubleshooting, info)	0	1073	October 9, 2020

5 unique users in ACL policy

Related topics