
Cloudflare Fundamentals, Cloudflare One, Cloudflare Tunnel for SASE, Cloudflare Tunnel, Cloudflare Mesh - Granular permissions for Cloudflare Tunnel and Cloudflare Mesh

1mo ago

Source: Cloudflare (cloudflare.com)
Snippet from the RSS feed
You can now scope Cloudflare permissions to individual Cloudflare Tunnel instances and Cloudflare Mesh nodes. Administrators can delegate access to specific Tunnels or Mesh nodes without granting account-wide control over private networking.

What is new

When you add a member or create a permission policy, the resource picker now lists Cloudflare Tunnel instances and Cloudflare Mesh nodes as scopable resource types. You can:

- Grant a read-only role on a single Cloudflare Tunnel instance to a support operator for log streaming and diagnostics — without exposing other Tunnels or destructive actions.
- Grant a write role on a specific Cloudflare Mesh node to an application team — without giving them access to the rest of your private network.
- Scope a single policy to one or many Tunnels and Mesh nodes at once.

How it works

Granular permissions are a parallel layer to existing account-level roles — they do not replace them.

- Existing account-level roles continue to work. A member with Cloudflare Access or Cloudflare Zero Trust retains write access to every Tunnel and Mesh node in the account. This ensures backward compatibility for existing automation and tokens.
- Granular permissions are additive. For any API request on a specific Tunnel or Mesh node, access is granted if the principal has either the account-level role or a granular permission for that resource.
- Resource enumeration is authorization-aware. Listing endpoints (GET /accounts/{id}/cfd_tunnel, GET /accounts/{id}/warp_connector) return only the resources the principal has at least read access to.

Get started

- Configure granular permissions for Cloudflare Tunnel.
- Configure granular permissions for Cloudflare Tunnel and Cloudflare Mesh in Cloudflare One.
- Review the resource-scoped roles on the Cloudflare role reference.
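
The evaluation rules under "How it works", modeled as an added example (not Cloudflare's code or API) that also flags members whose granular scoping has no effect because an account-level role already grants write everywhere. The permission levels, member names and resource ids are constructed; the only role names used are the two account-level roles named above.

```python
"""Model of the additive permission evaluation described under "How it works"."""
from dataclasses import dataclass, field

# Account-level roles the page says retain write access to every Tunnel and Mesh node.
ACCOUNT_WIDE_WRITE = {"Cloudflare Access", "Cloudflare Zero Trust"}
LEVELS = {"none": 0, "read": 1, "write": 2}  # assumed ordering for this model


@dataclass
class Member:
    name: str
    account_roles: set = field(default_factory=set)
    # resource id -> "read" or "write" (granular, resource-scoped grants)
    granular: dict = field(default_factory=dict)


def effective_access(member, resource_id):
    """Additive rule: the account-level role OR a granular grant is enough."""
    if member.account_roles & ACCOUNT_WIDE_WRITE:
        return "write"
    return member.granular.get(resource_id, "none")


def is_allowed(member, resource_id, needed):
    return LEVELS[effective_access(member, resource_id)] >= LEVELS[needed]


def visible_resources(member, resource_ids):
    """Authorization-aware listing: only resources with at least read access."""
    return [r for r in resource_ids if is_allowed(member, r, "read")]


def overbroad_members(members):
    """Members whose granular grants are moot because an account-level role
    already gives them write on everything (a least-privilege review finding)."""
    return sorted(m.name for m in members
                  if m.granular and m.account_roles & ACCOUNT_WIDE_WRITE)


# Constructed sample data: ids and member names are placeholders.
RESOURCES = ["tunnel-a", "tunnel-b", "mesh-node-1"]
MEMBERS = [
    Member("support-operator", granular={"tunnel-a": "read"}),
    Member("app-team", granular={"mesh-node-1": "write"}),
    Member("legacy-admin", {"Cloudflare Zero Trust"}, {"tunnel-b": "read"}),
]

if __name__ == "__main__":
    for m in MEMBERS:
        print(m.name, {r: effective_access(m, r) for r in RESOURCES})
    print("review:", overbroad_members(MEMBERS))
```

Because the layers are additive, adding a scoped policy never narrows a member who still holds an account-level role; narrowing requires removing that role.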
