Merge pull request #444 from lra/acl_doc_clarification

Acl doc clarification
This commit is contained in:
Armon Dadgar 2014-10-31 10:46:29 -07:00
commit 8a013f2a09
1 changed files with 6 additions and 1 deletions

View File

@ -178,7 +178,12 @@ definitions support being updated during a reload.
* `acl_datacenter` - Only used by servers. This designates the datacenter which * `acl_datacenter` - Only used by servers. This designates the datacenter which
is authoritative for ACL information. It must be provided to enable ACLs. is authoritative for ACL information. It must be provided to enable ACLs.
All servers and datacenters must agree on the ACL datacenter. All servers and datacenters must agree on the ACL datacenter. Setting it on
the servers is all you need for enforcement, but for the APIs to work on the
clients, it must be set on them too (to forward properly). Also, if we want
to enhance the ACL support for other features like service discovery,
enforcement might move to the edges, so it's best to just set the
`acl_datacenter` on all the nodes.
* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The * `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The
default policy controls the behavior of a token when there is no matching default policy controls the behavior of a token when there is no matching