authelia/docs/content/en/overview/authorization/access-control.md

48 lines
1.4 KiB
Markdown
Raw Normal View History

---
title: "Access Control"
description: "Access Control is the main authorization system in Authelia."
lead: "Access Control is the main authorization system in Authelia."
date: 2022-03-20T22:52:38+11:00
draft: false
images: []
menu:
overview:
parent: "authorization"
weight: 310
toc: false
aliases:
- /docs/features/access-control.html
---
__Authelia__ allows defining fine-grained rules-based access control policies. This list of rules is tested against
any requests protected by Authelia and defines the level of authentication the user must pass to get authorization to
the resource.
## Example
For instance a rule can look like this:
```yaml
access_control:
rules:
- domain: dev.example.com
resources:
- '^/groups/dev/.*$'
subject: 'group:dev'
policy: two_factor
methods:
- GET
- POST
networks:
- 192.168.1.0/24
```
This rule matches when the request targets the domain `dev.example.com`, the path matches the regular expression
`^/groups/dev/.*$`, the user is a member of the `dev` group, the request comes from a client on the 192.168.2.0/24
subnet, and the HTTP method verb is GET or POST. In that case, a two-factor policy is applied requiring the user to
authenticate with two factors.
## Configuration
Please check the dedicated [documentation](../../configuration/security/access-control.md).