From 75552a98c33cf3cb306197b3f9f2febb7b448504 Mon Sep 17 00:00:00 2001 From: Jeremy Jacobson Date: Fri, 28 Jul 2023 10:39:56 -0700 Subject: [PATCH] Add read-only to docs --- website/content/docs/security/acl/acl-policies.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/content/docs/security/acl/acl-policies.mdx b/website/content/docs/security/acl/acl-policies.mdx index f5d005ffbb50..f23b0246d0d0 100644 --- a/website/content/docs/security/acl/acl-policies.mdx +++ b/website/content/docs/security/acl/acl-policies.mdx @@ -393,6 +393,10 @@ New installations of Consul ship with the following built-in policies. The `global-management` policy grants unrestricted privileges to any token linked to it. The policy is assigned the reserved ID of `00000000-0000-0000-0000-000000000001`. You can rename the global management policy, but Consul will prevent you from modifying any other attributes, including the rule set and datacenter scope. +### Global Read-Only + +The `builtin/global-read-only` policy grants unrestricted _read-only_ privileges to any token linked to it. The policy is assigned the reserved ID of `00000000-0000-0000-0000-000000000002`. You can rename the global read-only policy, but Consul will prevent you from modifying any other attributes, including the rule set and datacenter scope. + ### Namespace Management The `namespace-management` policy will be injected into all namespaces you create. The policy will be assigned a randomized UUID and can be managed as a normal, user-defined policy within the namespace. This feature was added in Consul Enterprise 1.7.0.