Hello Community,
ACL rules are working fine for me so far. How do I block a user from accessing a specific host using ACL rules?
Thank you in anticipation.
No way yet to explicitly block a user. You have to set up the ACLs to allow everyone except that user.
To expand on the previous answer, the simplest answer might be to use groups. You just need to create a group that contains all of the users except the one that want to exclude from the target host. Then you just assign access to the exclusive group to the host you want to limit access to.
Important to note: This will ONLY work if you remove the default “* has access to : rule” which would override any restrictive rules.
{
"groups": {
"group:inclusive": [
"user1@example.com",
"user2@example.com",
"user3@example.com"
],
"group:exclusive": [
"user1@example.com",
"user2@example.com"
]
},
"hosts": {
"inclusive-host": "100.100.100.100",
"exclusive-host": "100.100.100.101",
},
"acls": [
{
"action": "accept",
"users": [
"*"
],
"ports": [
"inclusive-host:*"
]
},
{
"action": "accept",
"users": [
"group:exclusive"
],
"ports": [
"exclusive-host:*"
]
}
]
}