5 unique users in ACL policy

We’re looking into using Tailscale for giving users access to our company network. I’m tasked with looking at the different plans. I’m not sure how ACLs are used yet, so the line:

  • 5 unique users in ACL policy

is a bit confusing for me.

Regarding network access, our company basically consists of 3 groups: 2 admins, about 10-15 superusers and the normal users. The total company size is about 50.

The admins should have access to all servers, the superusers only to a couple, and the normal users only to the file server and the domain controllers.

So the question is, is this configurable via ACLs? And do I run into the limit of 5 unique users if I only want 3 groups? Or does every group member count as a separate user?

One might structure the ACLs so that "Users": ["*"] has access to the file server and domain controllers. So normal users don’t need to be uniquely listed in the ACL policy.

Setting up 15 superusers and 2 admins would be 17 named users in ACLs.

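An added example, not part of the reply above and not taken from Tailscale's documentation: a policy file sketching the three tiers from the question, using the wildcard approach from the reply. Group members, host names and addresses are constructed placeholders; `src`/`dst` are the current names for the older `Users`/`Ports` keys, and the policy file format accepts comments.

```json
{
  // Constructed example: every account, host name and IP below is a placeholder.
  "groups": {
    "group:admins": ["admin1@example.com", "admin2@example.com"],
    "group:superusers": [
      "super1@example.com",
      "super2@example.com"
      // ...the remaining superusers are listed the same way
    ]
  },
  "hosts": {
    "fileserver": "100.64.0.10",
    "dc1": "100.64.0.11",
    "dc2": "100.64.0.12",
    "app1": "100.64.0.21",
    "app2": "100.64.0.22"
  },
  "acls": [
    // Admins: every server, every port.
    {"action": "accept", "src": ["group:admins"], "dst": ["*:*"]},
    // Superusers: only the couple of additional servers they need.
    {"action": "accept", "src": ["group:superusers"], "dst": ["app1:*", "app2:*"]},
    // Everyone else is covered by the wildcard, so no normal user is named.
    {"action": "accept", "src": ["*"], "dst": ["fileserver:*", "dc1:*", "dc2:*"]}
  ]
}
```

Rules are additive and anything not matched is denied, so admins and superusers also reach the file server and domain controllers through the last rule; only the two groups name individual users.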

@DGentry @par A late addition: It seems that all internal users count toward the ACL user limit. External users do not.

This confused me a lot, as I couldn’t figure out what number Tailscale was counting.