{"slug":"manage-access","title":"Manage access","tags":["tailscale","access-control"],"agent_summary":"Last validated: May 7, 2025","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Manage access\r\n\r\nLast validated: May 7, 2025\r\n\r\nUse Tailscale access features to control how users access resources in your Tailscale network, known as a tailnet. You also control how devices access other devices.\r\n\r\n## [Manage access policy](https://tailscale.com/docs/manage\\#manage-access-policy)\r\n\r\nAccess control lists (ACLs) and grants let you precisely define permissions for users and devices in your tailnet. Tailscale manages access rules for your network in the [tailnet policy file](https://tailscale.com/docs/reference/glossary#tailnet-policy-file).\r\n\r\n[**Manage permissions using ACLs** \\\\\r\n\\\\\r\nConfigure access control lists (ACLs) in Tailscale to manage device permissions and secure your network.](https://tailscale.com/docs/features/access-control/acls) [**Grants** \\\\\r\n\\\\\r\nGrant access control permissions across both network connections and application permissions.](https://tailscale.com/docs/features/access-control/grants) [**Syntax reference for the tailnet policy file** \\\\\r\n\\\\\r\nReference syntax for the tailnet policy file.](https://tailscale.com/docs/reference/syntax/policy-file) [**Just-in-time access** \\\\\r\n\\\\\r\nProvide just-in-time access, also known as on-demand access, to your Tailscale network users.](https://tailscale.com/docs/features/access-control/just-in-time-access)\r\n\r\n## [Manage devices](https://tailscale.com/docs/manage\\#manage-devices)\r\n\r\nYou control which devices are in your tailnet, including whether you want a tailnet admin to approve new devices before they are allowed access. You can also use device posture with mobile device management (MDM) solutions to enforce device rules.\r\n\r\n[**Manage devices** \\\\\r\n\\\\\r\nSee how to review and approve devices, rename a machine, and filter devices in the admin console.](https://tailscale.com/docs/features/access-control/device-management)\r\n\r\n## [Manage users and user roles](https://tailscale.com/docs/manage\\#manage-users-and-user-roles)\r\n\r\nYou control which users are in your tailnet, how they are invited, and their access to your tailnet resources.\r\n\r\n## [Manage domain ownership](https://tailscale.com/docs/manage\\#manage-domain-ownership)\r\n\r\nWhen you create your tailnet, your user domain becomes part of your [Tailscale identity](https://tailscale.com/docs/concepts/tailscale-identity).\r\n\r\n[**Domain ownership** \\\\\r\n\\\\\r\nExplore how your tailnet is tied to your domain.](https://tailscale.com/docs/concepts/domain-ownership)\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Manage access</h1>\n<p>Last validated: May 7, 2025</p>\n<p>Use Tailscale access features to control how users access resources in your Tailscale network, known as a tailnet. You also control how devices access other devices.</p>\n<h2><a href=\"https://tailscale.com/docs/manage#manage-access-policy\">Manage access policy</a></h2>\n<p>Access control lists (ACLs) and grants let you precisely define permissions for users and devices in your tailnet. Tailscale manages access rules for your network in the <a href=\"https://tailscale.com/docs/reference/glossary#tailnet-policy-file\">tailnet policy file</a>.</p>\n<p><a href=\"https://tailscale.com/docs/features/access-control/acls\"><strong>Manage permissions using ACLs</strong> \\\r\n\\\r\nConfigure access control lists (ACLs) in Tailscale to manage device permissions and secure your network.</a> <a href=\"https://tailscale.com/docs/features/access-control/grants\"><strong>Grants</strong> \\\r\n\\\r\nGrant access control permissions across both network connections and application permissions.</a> <a href=\"https://tailscale.com/docs/reference/syntax/policy-file\"><strong>Syntax reference for the tailnet policy file</strong> \\\r\n\\\r\nReference syntax for the tailnet policy file.</a> <a href=\"https://tailscale.com/docs/features/access-control/just-in-time-access\"><strong>Just-in-time access</strong> \\\r\n\\\r\nProvide just-in-time access, also known as on-demand access, to your Tailscale network users.</a></p>\n<h2><a href=\"https://tailscale.com/docs/manage#manage-devices\">Manage devices</a></h2>\n<p>You control which devices are in your tailnet, including whether you want a tailnet admin to approve new devices before they are allowed access. You can also use device posture with mobile device management (MDM) solutions to enforce device rules.</p>\n<p><a href=\"https://tailscale.com/docs/features/access-control/device-management\"><strong>Manage devices</strong> \\\r\n\\\r\nSee how to review and approve devices, rename a machine, and filter devices in the admin console.</a></p>\n<h2><a href=\"https://tailscale.com/docs/manage#manage-users-and-user-roles\">Manage users and user roles</a></h2>\n<p>You control which users are in your tailnet, how they are invited, and their access to your tailnet resources.</p>\n<h2><a href=\"https://tailscale.com/docs/manage#manage-domain-ownership\">Manage domain ownership</a></h2>\n<p>When you create your tailnet, your user domain becomes part of your <a href=\"https://tailscale.com/docs/concepts/tailscale-identity\">Tailscale identity</a>.</p>\n<p><a href=\"https://tailscale.com/docs/concepts/domain-ownership\"><strong>Domain ownership</strong> \\\r\n\\\r\nExplore how your tailnet is tied to your domain.</a></p>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}