5 unique users in ACL policy

par · January 27, 2022, 8:50pm

We’re looking into using tailscale for giving users access to our company network. I’m tasked with looking at the different plans. I’m not sure how ACLs are used yet, so the line:

5 unique users in ACL policy

is a bit confusing for me.

Regarding network access, our company basically consists of 3 groups: 2 admins, about 10-15 superusers and the normal users. The total company size is about 50.

The admins should have access to all servers, the superusers only to a couple, and the normal users only to the file server and the domain controllers.

So the question is, is this configurable via ACLs? And do I run into the limit of 5 unique users if I only want 3 groups? Or does every group member count as a separate user?

DGentry · January 29, 2022, 5:25am

One might structure the ACLs so that "Users": ["*"] has access to the file server and domain controllers. So normal users don’t need to be uniquely listed in the ACL policy.

Setting up 15 superusers and 2 admins would be 17 named users in ACLs.

v3q5 · March 5, 2022, 12:39pm

@DGentry @par A late addition: It seems that all internal users count toward the ACL user limit. External users do not.

This confused me a lot, as I couldn’t figure out what number tailscale was counting.

Topic		Replies	Views
Unique users in ACL ACL (Access Control Lists)	2	640	December 21, 2022
Help Creating ACLs/Policy File ACL (Access Control Lists)	0	777	September 26, 2022
Remote Management Policy	1	394	December 13, 2022
Questions about ACLs ACL (Access Control Lists)	1	1381	October 15, 2020
Beta features! ACL tags, subnet ACLs, and pre-auth keys Tailscale About articles (troubleshooting, info)	0	1070	October 9, 2020

5 unique users in ACL policy

Related Topics