🤔Opciones access control

access_control:
  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
  ## resource if there is no policy to be applied to the user.
  default_policy: deny

  networks:
    - name: internal
      networks:
        - 10.10.0.0/16
        - 192.168.2.0/24
    - name: VPN
      networks: 10.9.0.0/16

  rules:
    ## Rules applied to everyone
    - domain: 'public.example.com'
      policy: bypass

    ## Domain Regex examples. Generally we recommend just using a standard domain.
    # - domain_regex: '^(?P<User>\w+)\.example\.com$'
    #   policy: one_factor
    # - domain_regex: '^(?P<Group>\w+)\.example\.com$'
    #   policy: one_factor
    # - domain_regex:
    #    - '^appgroup-.*\.example\.com$'
    #    - '^appgroup2-.*\.example\.com$'
    #   policy: one_factor
    # - domain_regex: '^.*\.example\.com$'
    #   policy: two_factor

    - domain: 'secure.example.com'
      policy: one_factor
      ## Network based rule, if not provided any network matches.
      networks:
        - internal
        - VPN
        - 192.168.1.0/24
        - 10.0.0.1

    - domain:
        - 'secure.example.com'
        - 'private.example.com'
      policy: two_factor

    - domain: 'singlefactor.example.com'
      policy: one_factor

    ## Rules applied to 'admins' group
    - domain: 'mx2.mail.example.com'
      subject: 'group:admins'
      policy: deny

    - domain: '*.example.com'
      subject:
        - 'group:admins'
        - 'group:moderators'
      policy: two_factor

    ## Rules applied to 'dev' group
    - domain: 'dev.example.com'
      resources:
        - '^/groups/dev/.*$'
      subject: 'group:dev'
      policy: two_factor

    ## Rules applied to user 'john'
    - domain: 'dev.example.com'
      resources:
        - '^/users/john/.*$'
      subject: 'user:john'
      policy: two_factor

    ## Rules applied to user 'harry'
    - domain: 'dev.example.com'
      resources:
        - '^/users/harry/.*$'
      subject: 'user:harry'
      policy: two_factor

    ## Rules applied to user 'bob'
    - domain: '*.mail.example.com'
      subject: 'user:bob'
      policy: two_factor
    - domain: 'dev.example.com'
      resources:
        - '^/users/bob/.*$'
      subject: 'user:bob'
      policy: two_factor

Última actualización