Skip to content
Kong Docs are moving soon! Our docs are migrating to a new home. You'll be automatically redirected to the new site in the future. In the meantime, view this page on the new site!
|
Plugin Hub
github-edit-pageEdit this page
report-issueReport an issue
header icon

ACL

By Kong Inc.

Looking for the plugin's configuration parameters? You can find them in the ACL configuration reference doc.

Restrict access to a service or a route by adding consumers to allowed or denied lists using arbitrary ACL groups. This plugin requires an authentication plugin (such as Basic Authentication, Key Authentication, OAuth 2.0 or OpenID Connect) to have been already enabled on the service or route.

You can also enable the usage of consumer groups by setting the config option include_consumer_groups to true. This option lets Kong Gateway take both ACL groups and consumer groups into consideration when evaluating the allow and deny fields.

You can’t configure an ACL with both allow and deny configurations. An ACL with an allow provides a positive security model, in which the configured groups are allowed access to the resources, and all others are inherently rejected. By contrast, a deny configuration provides a negative security model, in which certain groups are explicitly denied access to the resource (and all others are allowed).

Get started with the ACL plugin