You are browsing unreleased documentation.
Setting up and using ACLs
Prerequisites
- Configure your service or route with an authentication plugin so that the plugin can identify the client consumer making the request.
- Enable the ACL plugin
Associate consumers with an ACL
You can have more than one group associated to a consumer.
Upstream headers
When a consumer has been validated, the plugin appends a X-Consumer-Groups
header to the request before proxying it to the Upstream service, so that you can
identify the groups associated with the consumer. The value of the header is a
comma-separated list of groups that belong to the consumer, like admin, pro_user
.
This header will not be injected in the request to the upstream service if
the hide_groups_header
config flag is set to true
.