{"slug":"control-model-access","title":"Control model access","tags":["tailscale","access-control"],"agent_summary":"Last validated: Apr 9, 2026","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Control model access\r\n\r\nLast validated: Apr 9, 2026\r\n\r\nAperture by Tailscaleis currently [in alpha](https://tailscale.com/docs/reference/tailscale-release-stages#alpha).\r\n\r\nAperture is deny-by-default. Without grants, users can connect to the Aperture device but cannot access any models. This guide covers how to configure network access to Aperture and set up grants that control which models each user or group can use.\r\n\r\nFor more information on how Aperture uses Tailscale identity for authentication and access control, refer to [How Aperture works](https://tailscale.com/docs/aperture/how-aperture-works).\r\n\r\n## [Prerequisites](https://tailscale.com/docs/aperture/how-to/grant-model-access\\#prerequisites)\r\n\r\nBefore you begin, ensure you have the following:\r\n\r\n- An [Aperture instance](https://tailscale.com/docs/aperture/get-started) with at least one configured provider.\r\n- [Admin access](https://tailscale.com/docs/aperture/how-to/set-up-admin-access) to the Aperture dashboard.\r\n- Access to the Tailscale admin console.\r\n\r\n## [Step 1: Allow network access to the Aperture device](https://tailscale.com/docs/aperture/how-to/grant-model-access\\#step-1-allow-network-access-to-the-aperture-device)\r\n\r\nBefore users can access models, they need network connectivity to the Aperture device through your tailnet.\r\n\r\n1. Sign in to the Tailscale admin console.\r\n2. Go to the [Access controls](https://login.tailscale.com/admin/acls/file) page.\r\n3. Confirm that your access control rules allow users to connect to the Aperture device.\r\n\r\nThe following example permits all users in `group:ai-users` to connect to the Aperture instance with the hostname `ai`:\r\n\r\n```json\r\n{\r\n  \"groups\": {\r\n    \"group:ai-users\": [\\\r\n      \"dave@example.com\",\\\r\n      \"alice@example.com\"\\\r\n    ]\r\n  },\r\n  \"hosts\": {\r\n    \"ai\": \"<YOUR_APERTURE_IP_ADDRESS>\"\r\n  },\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"group:ai-users\"],\\\r\n      \"dst\": [\"ai\"],\\\r\n      \"ip\": [\"tcp:80\", \"tcp:443\", \"icmp:*\"]\\\r\n    }\\\r\n  ]\r\n}\r\n```\r\n\r\nReplace `<YOUR_APERTURE_IP_ADDRESS>` with the Tailscale IP address of your Aperture device.\r\n\r\nYou can also use [Tailscale tags](https://tailscale.com/docs/features/tags) to manage access to the Aperture instance. Assign a tag (for example, `tag:ai`) to the Aperture device and use it as the `dst` in your grant rule.\r\n\r\n## [Step 2: Configure grants to control model access](https://tailscale.com/docs/aperture/how-to/grant-model-access\\#step-2-configure-grants-to-control-model-access)\r\n\r\nAfter users can reach the Aperture device, configure grants to define which models they can access. You can configure grants in the Aperture dashboard or in your tailnet policy file.\r\n\r\n**In the Aperture dashboard**: Open the **Settings** page and use the **Visual editor** or the **JSON editor**.\r\n\r\n**In the tailnet policy file**: Add grants with `tailscale.com/cap/aperture` capabilities. This approach lets you use Tailscale groups and tags. Refer to the [grants configuration reference](https://tailscale.com/docs/aperture/configuration#grants) for the full syntax.\r\n\r\nThe following example grants all users standard user access and allows them to use all Anthropic models. This example uses the Aperture configuration format:\r\n\r\n```json\r\n{\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"*\"],\\\r\n      \"app\": {\\\r\n        \"tailscale.com/cap/aperture\": [\\\r\n          { \"role\": \"user\" },\\\r\n          { \"models\": \"anthropic/**\" }\\\r\n        ]\\\r\n      }\\\r\n    }\\\r\n  ]\r\n}\r\n```\r\n\r\nTo restrict access to specific users, replace `\"*\"` with individual login names (for example, `\"alice@example.com\"`).\r\n\r\nIf you use the tailnet policy file instead, you can match on Tailscale groups and tags. The following example grants members of `group:ai-users` access to all Anthropic models:\r\n\r\n```json\r\n{\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"group:ai-users\"],\\\r\n      \"dst\": [\"tag:aperture\"],\\\r\n      \"app\": {\\\r\n        \"tailscale.com/cap/aperture\": [\\\r\n          { \"role\": \"user\" },\\\r\n          { \"models\": \"anthropic/**\" }\\\r\n        ]\\\r\n      }\\\r\n    }\\\r\n  ]\r\n}\r\n```\r\n\r\nEach capability entry under `tailscale.com/cap/aperture` has these fields:\r\n\r\n- **`role`**: Required. Set to `\"user\"` for standard access or `\"admin\"` for administrative access. Without a `role` grant, users receive HTTP 403 responses even if they have model grants.\r\n- **`models`**: A glob pattern that specifies which models the user can access, in `provider/model` format. For example, `\"anthropic/**\"` matches all Anthropic models, and `\"**\"` matches all models from all providers.\r\n\r\n### [Model pattern examples](https://tailscale.com/docs/aperture/how-to/grant-model-access\\#model-pattern-examples)\r\n\r\nThe following examples show how to use patterns to grant access to specific models:\r\n\r\n| Pattern | Matches |\r\n| --- | --- |\r\n| `\"**\"` | All models from all providers |\r\n| `\"anthropic/**\"` | All Anthropic models |\r\n| `\"openai/gpt-5\"` | Exactly `openai/gpt-5` |\r\n| `\"*/claude-sonnet*\"` | Any `claude-sonnet*` model from any single provider |\r\n\r\nGroups (for example, `group:engineering`) are only available in grants specified in the tailnet policy file. The Aperture configuration can only match on individual login names or tags.\r\n\r\n## [Verify access](https://tailscale.com/docs/aperture/how-to/grant-model-access\\#verify-access)\r\n\r\nAfter configuring grants, verify that users can access the expected models. Send a test request from a device connected to the tailnet. You can do this with `curl` or any HTTP client. For example:\r\n\r\n```shell\r\ncurl -s http://ai/v1/messages \\\r\n  -H \"Content-Type: application/json\" \\\r\n  -d '{\r\n    \"model\": \"claude-sonnet-4-20250514\",\r\n    \"max_tokens\": 25,\r\n    \"messages\": [{\"role\": \"user\", \"content\": \"respond with: hello\"}]\r\n  }'\r\n```\r\n\r\nIf the request returns a successful response, the grant is working. If you receive an HTTP 403 error, check that the user has both a `role` grant and a matching `models` grant. Refer to [Troubleshooting Aperture](https://tailscale.com/docs/aperture/troubleshooting) for help diagnosing access issues.\r\n\r\n## [Next steps](https://tailscale.com/docs/aperture/how-to/grant-model-access\\#next-steps)\r\n\r\n- [Grant access to MCP tools](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access) to control which MCP tools users can access.\r\n- [Set per-user spending limits](https://tailscale.com/docs/aperture/how-to/set-per-user-spending-limits) to manage costs.\r\n- [Set up LLM clients](https://tailscale.com/docs/aperture/use-your-tools) to connect through Aperture.\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Control model access</h1>\n<p>Last validated: Apr 9, 2026</p>\n<p>Aperture by Tailscaleis currently <a href=\"https://tailscale.com/docs/reference/tailscale-release-stages#alpha\">in alpha</a>.</p>\n<p>Aperture is deny-by-default. Without grants, users can connect to the Aperture device but cannot access any models. This guide covers how to configure network access to Aperture and set up grants that control which models each user or group can use.</p>\n<p>For more information on how Aperture uses Tailscale identity for authentication and access control, refer to <a href=\"https://tailscale.com/docs/aperture/how-aperture-works\">How Aperture works</a>.</p>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access#prerequisites\">Prerequisites</a></h2>\n<p>Before you begin, ensure you have the following:</p>\n<ul>\n<li>An <a href=\"https://tailscale.com/docs/aperture/get-started\">Aperture instance</a> with at least one configured provider.</li>\n<li><a href=\"https://tailscale.com/docs/aperture/how-to/set-up-admin-access\">Admin access</a> to the Aperture dashboard.</li>\n<li>Access to the Tailscale admin console.</li>\n</ul>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access#step-1-allow-network-access-to-the-aperture-device\">Step 1: Allow network access to the Aperture device</a></h2>\n<p>Before users can access models, they need network connectivity to the Aperture device through your tailnet.</p>\n<ol>\n<li>Sign in to the Tailscale admin console.</li>\n<li>Go to the <a href=\"https://login.tailscale.com/admin/acls/file\">Access controls</a> page.</li>\n<li>Confirm that your access control rules allow users to connect to the Aperture device.</li>\n</ol>\n<p>The following example permits all users in <code>group:ai-users</code> to connect to the Aperture instance with the hostname <code>ai</code>:</p>\n<pre><code class=\"language-json\">{\r\n  \"groups\": {\r\n    \"group:ai-users\": [\\\r\n      \"dave@example.com\",\\\r\n      \"alice@example.com\"\\\r\n    ]\r\n  },\r\n  \"hosts\": {\r\n    \"ai\": \"&#x3C;YOUR_APERTURE_IP_ADDRESS>\"\r\n  },\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"group:ai-users\"],\\\r\n      \"dst\": [\"ai\"],\\\r\n      \"ip\": [\"tcp:80\", \"tcp:443\", \"icmp:*\"]\\\r\n    }\\\r\n  ]\r\n}\n</code></pre>\n<p>Replace <code>&#x3C;YOUR_APERTURE_IP_ADDRESS></code> with the Tailscale IP address of your Aperture device.</p>\n<p>You can also use <a href=\"https://tailscale.com/docs/features/tags\">Tailscale tags</a> to manage access to the Aperture instance. Assign a tag (for example, <code>tag:ai</code>) to the Aperture device and use it as the <code>dst</code> in your grant rule.</p>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access#step-2-configure-grants-to-control-model-access\">Step 2: Configure grants to control model access</a></h2>\n<p>After users can reach the Aperture device, configure grants to define which models they can access. You can configure grants in the Aperture dashboard or in your tailnet policy file.</p>\n<p><strong>In the Aperture dashboard</strong>: Open the <strong>Settings</strong> page and use the <strong>Visual editor</strong> or the <strong>JSON editor</strong>.</p>\n<p><strong>In the tailnet policy file</strong>: Add grants with <code>tailscale.com/cap/aperture</code> capabilities. This approach lets you use Tailscale groups and tags. Refer to the <a href=\"https://tailscale.com/docs/aperture/configuration#grants\">grants configuration reference</a> for the full syntax.</p>\n<p>The following example grants all users standard user access and allows them to use all Anthropic models. This example uses the Aperture configuration format:</p>\n<pre><code class=\"language-json\">{\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"*\"],\\\r\n      \"app\": {\\\r\n        \"tailscale.com/cap/aperture\": [\\\r\n          { \"role\": \"user\" },\\\r\n          { \"models\": \"anthropic/**\" }\\\r\n        ]\\\r\n      }\\\r\n    }\\\r\n  ]\r\n}\n</code></pre>\n<p>To restrict access to specific users, replace <code>\"*\"</code> with individual login names (for example, <code>\"alice@example.com\"</code>).</p>\n<p>If you use the tailnet policy file instead, you can match on Tailscale groups and tags. The following example grants members of <code>group:ai-users</code> access to all Anthropic models:</p>\n<pre><code class=\"language-json\">{\r\n  \"grants\": [\\\r\n    {\\\r\n      \"src\": [\"group:ai-users\"],\\\r\n      \"dst\": [\"tag:aperture\"],\\\r\n      \"app\": {\\\r\n        \"tailscale.com/cap/aperture\": [\\\r\n          { \"role\": \"user\" },\\\r\n          { \"models\": \"anthropic/**\" }\\\r\n        ]\\\r\n      }\\\r\n    }\\\r\n  ]\r\n}\n</code></pre>\n<p>Each capability entry under <code>tailscale.com/cap/aperture</code> has these fields:</p>\n<ul>\n<li><strong><code>role</code></strong>: Required. Set to <code>\"user\"</code> for standard access or <code>\"admin\"</code> for administrative access. Without a <code>role</code> grant, users receive HTTP 403 responses even if they have model grants.</li>\n<li><strong><code>models</code></strong>: A glob pattern that specifies which models the user can access, in <code>provider/model</code> format. For example, <code>\"anthropic/**\"</code> matches all Anthropic models, and <code>\"**\"</code> matches all models from all providers.</li>\n</ul>\n<h3><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access#model-pattern-examples\">Model pattern examples</a></h3>\n<p>The following examples show how to use patterns to grant access to specific models:</p>\n<p>| Pattern | Matches |\r\n| --- | --- |\r\n| <code>\"**\"</code> | All models from all providers |\r\n| <code>\"anthropic/**\"</code> | All Anthropic models |\r\n| <code>\"openai/gpt-5\"</code> | Exactly <code>openai/gpt-5</code> |\r\n| <code>\"*/claude-sonnet*\"</code> | Any <code>claude-sonnet*</code> model from any single provider |</p>\n<p>Groups (for example, <code>group:engineering</code>) are only available in grants specified in the tailnet policy file. The Aperture configuration can only match on individual login names or tags.</p>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access#verify-access\">Verify access</a></h2>\n<p>After configuring grants, verify that users can access the expected models. Send a test request from a device connected to the tailnet. You can do this with <code>curl</code> or any HTTP client. For example:</p>\n<pre><code class=\"language-shell\">curl -s http://ai/v1/messages \\\r\n  -H \"Content-Type: application/json\" \\\r\n  -d '{\r\n    \"model\": \"claude-sonnet-4-20250514\",\r\n    \"max_tokens\": 25,\r\n    \"messages\": [{\"role\": \"user\", \"content\": \"respond with: hello\"}]\r\n  }'\n</code></pre>\n<p>If the request returns a successful response, the grant is working. If you receive an HTTP 403 error, check that the user has both a <code>role</code> grant and a matching <code>models</code> grant. Refer to <a href=\"https://tailscale.com/docs/aperture/troubleshooting\">Troubleshooting Aperture</a> for help diagnosing access issues.</p>\n<h2><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access#next-steps\">Next steps</a></h2>\n<ul>\n<li><a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\">Grant access to MCP tools</a> to control which MCP tools users can access.</li>\n<li><a href=\"https://tailscale.com/docs/aperture/how-to/set-per-user-spending-limits\">Set per-user spending limits</a> to manage costs.</li>\n<li><a href=\"https://tailscale.com/docs/aperture/use-your-tools\">Set up LLM clients</a> to connect through Aperture.</li>\n</ul>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}