
# Configure Rules

> Learn how to configure Tenant Access Control List (ACL) rules with the Auth0 Management API.

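export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  // Code block that fills `{placeholder}` tokens in a snippet with the values held in
  // `window.rootStore.variableStore`.
  //
  // Two versions of the snippet are kept:
  //   - displayText: what is rendered. A substituted "{yourClientSecret}" is cut to its first
  //     three characters followed by a fixed mask.
  //   - copyText: what the copy button writes to the clipboard, with every value unmasked.
  // The mask is display-only: the full client secret still reaches the clipboard, and its
  // first three characters stay visible on screen.
  //
  // `children` is expected to be the snippet as a string (string methods are called on it).
  // `filename`, `icon`, `language` and `highlight` are passed through to `CodeBlock`.
  const [displayText, setDisplayText] = useState(children);
  const [copyText, setCopyText] = useState(children);
  const wrapperRef = React.useRef(null);
  // Effect 1: recompute both texts whenever the variable store changes.
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      // The store and its `autorun` helper are provided by the host page; do nothing until both exist.
      if (!window.autorun || !window.rootStore) {
        return;
      }
      unsubscribe = window.autorun(() => {
        let processedChildrenForDisplay = children;
        let processedChildrenForCopy = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          // An empty or non-string key cannot name a placeholder; an empty search string would
          // splice the value between every character of the snippet.
          if (typeof key !== "string" || key === "") continue;
          const copyValue = String(value);
          let displayValue = copyValue;
          // Mask the secret only once the reader has supplied a real value for it.
          if (key === "{yourClientSecret}" && copyValue !== "{yourClientSecret}") {
            displayValue = copyValue.substring(0, 3) + "*****MASKED*****";
          }
          // Literal search with replacer functions: a value containing `$&`, `$1`, `$$` and so
          // on is inserted verbatim instead of being read as a replacement pattern, so the
          // copied secret is exactly what the reader entered.
          processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(key, () => displayValue);
          processedChildrenForCopy = processedChildrenForCopy.replaceAll(key, () => copyValue);
        }
        setDisplayText(processedChildrenForDisplay);
        setCopyText(processedChildrenForCopy);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  // Effect 2: make the copy button inside this wrapper copy `copyText` instead of the masked
  // text that is rendered. This is done by swapping `navigator.clipboard.writeText` for a
  // one-shot override when the button is clicked.
  useEffect(() => {
    const wrapper = wrapperRef.current;
    if (!wrapper) return;
    // `navigator.clipboard` is undefined outside secure contexts; skip the override rather
    // than throw while the component mounts.
    const clipboard = navigator.clipboard;
    if (!clipboard || typeof clipboard.writeText !== "function") return;
    // Keep the function itself (not a fresh bound copy) so that restoring it is an identity
    // operation and repeated effect runs do not stack wrappers.
    const previousWriteText = clipboard.writeText;
    let override = null;
    let restoreTimer = null;
    const restore = () => {
      // Only undo our own override; leave the property alone if something else replaced it.
      if (override !== null && clipboard.writeText === override) {
        clipboard.writeText = previousWriteText;
      }
      override = null;
    };
    const handleClick = e => {
      const button = e.target.closest('[data-testid="copy-code-button"]');
      if (!button || !wrapper.contains(button)) return;
      restore();
      clearTimeout(restoreTimer);
      // While this override is installed, the first writeText() call made by ANY code on the
      // page receives `copyText`, which can contain the unmasked client secret. The window is
      // kept short: one call, or 100 ms, whichever comes first.
      const installed = text => {
        // A stale reference called after the window closed passes its own text through.
        if (override !== installed) return previousWriteText.call(clipboard, text);
        restore();
        return previousWriteText.call(clipboard, copyText);
      };
      override = installed;
      clipboard.writeText = installed;
      restoreTimer = setTimeout(restore, 100);
    };
    // Capture phase, so the override is in place before the button's own click handler runs.
    wrapper.addEventListener('click', handleClick, true);
    return () => {
      wrapper.removeEventListener('click', handleClick, true);
      clearTimeout(restoreTimer);
      restore();
    };
  }, [copyText]);
  return <div ref={wrapperRef}>
      <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
        {displayText}
      </CodeBlock>
    </div>;
};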

export const codeExample1 =
  // Go SDK sample for "Example: Block all traffic from a given country"; rendered through
  // AuthCodeBlock in the "Go SDK" tab. "{yourClientSecret}" is a substitution key in
  // AuthCodeBlock (masked on screen, copied unmasked). "{yourDomain}" and "{yourClientId}"
  // are presumably substituted the same way; confirm against the variable store.
  // NOTE(review): a reader who copies this sample gets the real client secret inlined as a
  // Go string literal; consider whether the sample should read it from the environment.
  `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Description: auth0.String("Block all traffic from China"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(1),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Block: auth0.Bool(true),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"CN"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(context.Background(), networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}`;

export const codeExample2 =
  // Go SDK sample for "Example: Enable monitoring mode for an existing Tenant ACL rule";
  // rendered through AuthCodeBlock in the "Go SDK" tab. "{yourClientSecret}" is a
  // substitution key in AuthCodeBlock (masked on screen, copied unmasked).
  // "YOUR_TENANT_ACL_ID" is a literal the reader must replace by hand.
  // NOTE(review): the patch restates Scope but carries no Match. Confirm whether the partial
  // update merges into the stored rule or replaces the whole rule object, so the existing
  // match conditions are not dropped.
  `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Log: auth0.Bool(true),
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Patch(context.Background(), "YOUR_TENANT_ACL_ID", networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been updated to enable monitoring mode")
}`;

You can configure Tenant Access Control List (ACL) rules with the Auth0 <Tooltip href="/docs/fr-ca/glossary?term=management-api" tip="Management API
Un produit permettant aux clients d’effectuer des tâches administratives." cta="Voir le glossaire">Management API</Tooltip>.

## Available actions

You can view, create, update, overwrite, and delete Tenant ACL rules with the Management API.

| Action           | Endpoint                                                                                                                   | Required scope        |
| ---------------- | -------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| View a rule      | [Get a specific access control list entry for a tenant](/docs/fr-ca/api/management/v2/network-acls/get-network-acls-by-id) | `read:network_acls`   |
| View all rules   | [Get all access control list entries for a tenant](/docs/fr-ca/api/management/v2/network-acls/get-network-acls)            | `read:network_acls`   |
| Create a rule    | [Create access control list](/docs/fr-ca/api/management/v2/network-acls/post-network-acls)                                 | `create:network_acls` |
| Update a rule    | [Partial update for an access control list](/docs/fr-ca/api/management/v2/network-acls/patch-network-acls-by-id)           | `update:network_acls` |
| Overwrite a rule | [Update access control list](/docs/fr-ca/api/management/v2/network-acls/put-network-acls-by-id)                            | `update:network_acls` |
| Delete a rule    | [Delete access control list](/docs/fr-ca/api/management/v2/network-acls/delete-network-acls-by-id)                         | `delete:network_acls` |

## Parameters

For detailed information about Tenant ACL parameters and how to use them, read [Reference](/docs/fr-ca/secure/tenant-access-control-list/reference).

| Parameter     | Data type | Description                                                                                                                                                                                                                                                                                                                                                                     |
| ------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `description` | string    | Describes the purpose or functionality of the rule.                                                                                                                                                                                                                                                                                                                             |
| `active`      | boolean   | Enables or disables the rule.                                                                                                                                                                                                                                                                                                                                                   |
| `priority`    | number    | Numerical value that determines the order in which the rule is evaluated. Lower values indicate higher priority.                                                                                                                                                                                                                                                                |
| `rule`        | object    | Contains the following properties:<ul><li>`action`: object. Contains the action the rule performs.</li><li>`match`: object. Defines the conditions that the incoming request must fulfill.</li><li>`not_match`: object. Defines the conditions that the incoming request must not fulfill.</li><li>`scope`: string. Service or context in which the rule is enforced.</li></ul> |

## Example: Block all traffic from a given country

Here’s an example of a Tenant ACL rule that blocks all incoming traffic from China.

<Tabs>
  <Tab title="Management API">
    To create a Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/fr-ca/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `create:network_acls` scope.
    2. Call the Management API [Create access control list](/docs/fr-ca/api/management/v2/network-acls/post-network-acls) endpoint with the following body:

       ```json lines theme={null}
       {
         "description": "Block all traffic from China",
         "active": true,
         "priority": 1,
         "rule": {
           "action": {
             "block": true
           },
           "match": {
             "geo_country_codes": ["CN"]
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample1} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```typescript lines theme={null}
    // Assumes `client` is an already-initialised Management API client (not shown here).
    // Per the "Available actions" table, creating a rule needs the `create:network_acls` scope.
    const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
      description: "Block all traffic from China",
      active: true,
      // Lower values indicate higher priority.
      priority: 1,
      rule: {
        action: {
          block: true
        },
        match: {
          geo_country_codes: ["CN"]
        },
        // Service or context in which the rule is enforced.
        scope: "authentication"
      }
    };

    const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    resource "auth0_network_acl" "block_traffic_acl" {
        description = "Block all traffic from China"
        active = true
        priority = 1
        rule {
            action {
                block = true
            }
            match {
                geo_country_codes = ["CN"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    networkACLs:
      - description: Block all traffic from China
        active: true
        priority: 1
        rule:
          action:
            block: true
          match:
            geo_country_codes:
              - CN
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    auth0 network-acl create \
      --description "Block all traffic from China" \
      --priority 1 \
      --active true \
      --rule '{"action":{"block":true},"match":{"geo_country_codes":["CN"]},"scope":"authentication"}'
    ```
  </Tab>
</Tabs>

## Toggle monitoring mode for a rule

You can enable or disable [monitoring mode](/docs/fr-ca/secure/tenant-access-control-list) for a Tenant ACL rule by setting the boolean `rule.action.log` property to `true` or `false`, respectively.

### Example: Enable monitoring mode for an existing Tenant ACL rule

<Tabs>
  <Tab title="Management API">
    To enable monitoring mode for a Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/fr-ca/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `update:network_acls` scope.
    2. Call the Management API [Partial update for an access control list](/docs/fr-ca/api/management/v2/network-acls/patch-network-acls-by-id) endpoint with the following body:

       ```json lines theme={null}
       {
         "rule": {
           "action": {
             "log": true
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample2} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```typescript lines theme={null}
    // Assumes `client` is an already-initialised Management API client (not shown here).
    // Per the "Available actions" table, updating a rule needs the `update:network_acls` scope.
    // NOTE(review): the payload restates `scope` but omits `match`. Confirm whether this
    // partial update merges into the stored rule or replaces the whole `rule` object, so the
    // rule's match conditions are not dropped.
    const updateNetworkAclPayload: Management.UpdateNetworkAclRequestContent = {
      rule: {
        action: {
          log: true,
        },
        scope: "authentication"
      }
    };

    // "YOUR_TENANT_ACL_ID" is a placeholder for the ID of the rule being updated.
    const updateNetworkAcl = await client.networkAcls.update("YOUR_TENANT_ACL_ID", updateNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    # NOTE(review): this resource sets both `block` and `log`, while the Management API, Go SDK
    # and Node SDK tabs of this example send only `log` to enable monitoring mode. Confirm in
    # the provider documentation whether a rule declared this way still blocks or only logs.
    resource "auth0_network_acl" "block_traffic_acl" {
        description = "Block all traffic from China"
        active = true
        priority = 1
        rule {
            action {
                block = true
                log = true
            }
            match {
                geo_country_codes = ["CN"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    # NOTE(review): this entry sets both `block` and `log`, while the Management API, Go SDK
    # and Node SDK tabs of this example send only `log` to enable monitoring mode. Confirm in
    # the Deploy CLI documentation whether a rule declared this way still blocks or only logs.
    networkACLs:
      - description: Block all traffic from China
        active: true
        priority: 1
        rule:
          action:
            block: true
            log: true
          match:
            geo_country_codes:
              - CN
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    auth0 network-acl update YOUR_TENANT_ACL_ID --action log
    ```
  </Tab>
</Tabs>
