Tailscale user:
Hi, I started a Tailscale trial yesterday, and so far it’s going really well, but I have a couple of questions about ACLs.
First, just to double-check: on the pricing page it says that the Connectivity plan has “Basic access controls”. Is that just referring to the “Allow incoming connections” boolean flag? So any usage of ACLs requires the Security plan?
Second, I’m a little bit unclear on how exactly the machine–user relationship works and how it interacts with ACLs. I have some AWS servers that I’ve added to the network, which associated them with my user. If my user has blanket permissions, and another user has permission to SSH to one of those servers, do they then acquire additional permissions by having access to that server? Should I be setting up a generic machine user with no permissions? How does this interact, if at all, with subnet routes?
(The documentation is really very good; my lack of clarity probably reflects more on being outside my expertise than anything else.)
Thanks, -N