
# Use Cases

> Learn about the different use cases for the Tenant Access Control List feature.

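export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  // Code block that fills the reader's stored variables into a snippet.
  //
  // Every key of window.rootStore.variableStore.values found in `children` is
  // replaced with its stored value. Two texts are kept: the one rendered on the
  // page, where a filled-in {yourClientSecret} is masked, and the one written to
  // the clipboard when the copy button is pressed, which carries the full value.
  // The mask is display-only: the unmasked secret still sits in component state
  // and goes to the clipboard on copy.
  const [displayText, setDisplayText] = useState(children);
  const [copyText, setCopyText] = useState(children);
  const wrapperRef = React.useRef(null);
  // Keep both texts in sync with the variable store.
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      if (!window.autorun || !window.rootStore) {
        return;
      }
      // Drop an earlier reaction if "adu:storeReady" fires more than once.
      unsubscribe?.();
      unsubscribe = window.autorun(() => {
        let processedChildrenForDisplay = children;
        let processedChildrenForCopy = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          let displayValue = value;
          if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") {
            // The first three characters stay visible; a value of three
            // characters or fewer is therefore shown in full.
            displayValue = value.substring(0, 3) + "*****MASKED*****";
          }
          // Literal search string plus a replacer function: regex metacharacters
          // in the key need no escaping, and "$&", "$1" or "$$" sequences inside
          // a stored value (secrets may contain "$") are inserted verbatim
          // instead of being read as replacement patterns.
          processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(key, () => displayValue);
          processedChildrenForCopy = processedChildrenForCopy.replaceAll(key, () => value);
        }
        setDisplayText(processedChildrenForDisplay);
        setCopyText(processedChildrenForCopy);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  // While a copy click from this block is in flight, route the next clipboard
  // write to the unmasked text instead of the rendered (masked) one.
  useEffect(() => {
    const wrapper = wrapperRef.current;
    // navigator.clipboard is undefined outside secure contexts; without the API
    // there is nothing to intercept, and touching it would throw.
    const clipboard = navigator.clipboard;
    if (!wrapper || typeof clipboard?.writeText !== "function") return;
    // The override this block currently has installed, if any.
    let pending = null;
    const release = () => {
      if (!pending) return;
      const {override, previous, hadOwn} = pending;
      pending = null;
      // Only undo our own patch; leave alone anything installed on top of it.
      if (clipboard.writeText !== override) return;
      if (hadOwn) {
        clipboard.writeText = previous;
      } else {
        // Fall back to the inherited method rather than leaving a wrapper behind.
        delete clipboard.writeText;
      }
    };
    const handleClick = e => {
      const button = e.target?.closest?.('[data-testid="copy-code-button"]');
      if (!button || !wrapper.contains(button)) return;
      release();
      const previous = clipboard.writeText;
      const override = text => {
        // One-shot: once released (used or timed out), pass writes through untouched.
        if (pending?.override !== override) return previous.call(clipboard, text);
        release();
        return previous.call(clipboard, copyText);
      };
      pending = {override, previous, hadOwn: Object.prototype.hasOwnProperty.call(clipboard, "writeText")};
      clipboard.writeText = override;
      // The patch is page-wide: any writeText() call made before it is released
      // receives this block's unmasked text, so the window is kept short.
      setTimeout(() => {
        if (pending?.override === override) release();
      }, 100);
    };
    // Capture phase, so the patch is in place before the button's own handler runs.
    wrapper.addEventListener('click', handleClick, true);
    return () => {
      wrapper.removeEventListener('click', handleClick, true);
      release();
    };
  }, [copyText]);
  return <div ref={wrapperRef}>
      <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
        {displayText}
      </CodeBlock>
    </div>;
};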

export const codeExample1 =
  // Go SDK sample for the "Block a request" section, rendered through <AuthCodeBlock>.
  // AuthCodeBlock substitutes keys from the reader's variable store into this text
  // ({yourClientSecret} is the one it masks on screen); GEO_COUNTRY_CODE is a
  // placeholder the reader fills in by hand.
  // NOTE(review): the sample passes the client secret as a string literal; code
  // adapted from it should read the secret from configuration instead.
  `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Description: auth0.String("Example of blocking a request"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(2),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Block: auth0.Bool(true),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"GEO_COUNTRY_CODE"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(context.Background(), networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}`;

export const codeExample2 =
  // Go SDK sample for the "Allow a request" section, rendered through <AuthCodeBlock>.
  // The rule sets only Allow for requests matching GEO_COUNTRY_CODE (a placeholder);
  // nothing in this rule rejects requests from other countries.
  // NOTE(review): the sample passes the client secret as a string literal; code
  // adapted from it should read the secret from configuration instead.
  `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Description: auth0.String("Example of allowing a request"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(2),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Allow: auth0.Bool(true),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"GEO_COUNTRY_CODE"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(context.Background(), networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}`;

export const codeExample3 =
  // Go SDK sample for the "Redirect a request" section, rendered through <AuthCodeBlock>.
  // REDIRECT_URI and GEO_COUNTRY_CODE are placeholders the reader fills in by hand:
  // the destination URL and the country whose requests are redirected.
  // NOTE(review): the sample passes the client secret as a string literal; code
  // adapted from it should read the secret from configuration instead.
  `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Description: auth0.String("Example of redirecting a request"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(2),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Redirect: auth0.Bool(true),
				RedirectURI: auth0.String("REDIRECT_URI"),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"GEO_COUNTRY_CODE"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(context.Background(), networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}`;

export const codeExample4 =
  // Go SDK sample for the "Complex comparisons" section, rendered through <AuthCodeBlock>.
  // Match and NotMatch are combined: block requests from GEO_COUNTRY_CODE unless
  // they come from GEO_SUBDIVISION_CODE (both are placeholders).
  // NOTE(review): the sample passes the client secret as a string literal; code
  // adapted from it should read the secret from configuration instead.
  `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Description: auth0.String("Example of a complex comparison"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(1),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Block: auth0.Bool(true),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"GEO_COUNTRY_CODE"},
			},
			NotMatch: &management.NetworkACLRuleMatch{
				GeoSubdivisionCodes: &[]string{"GEO_SUBDIVISION_CODE"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(context.Background(), networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}`;

Tenant Access Control List (ACL) provides the power and flexibility needed to handle a large variety of scenarios.

## Block a request

Here is an example of a Tenant ACL rule that blocks incoming traffic from a specific geolocation country code.

<Tabs>
  <Tab title="Management API">
    To create this Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/ja-jp/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `create:network_acls` scope.
    2. Call the Management API [Create access control list](/docs/ja-jp/api/management/v2/network-acls/post-network-acls) endpoint with the following body:

       ```json lines theme={null}
       {
         "description": "Example of blocking a request",
         "active": true,
         "priority": 2,
         "rule": {
           "action": {
             "block": true
           },
           "match": {
             "geo_country_codes": [
               "GEO_COUNTRY_CODE"
             ]
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample1} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```typescript lines theme={null}
    // Rule body: block requests in the "authentication" scope that match the country.
    // GEO_COUNTRY_CODE is a placeholder for the country code to block.
    const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
      description: "Example of blocking a request",
      active: true,
      priority: 2,
      rule: {
        action: {
          block: true,
        },
        match: {
          geo_country_codes: ["GEO_COUNTRY_CODE"],
        },
        scope: "authentication",
      },
    };

    // `client` is not created in this snippet; it is assumed to be an
    // already-authenticated Management API client.
    const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    # Blocks requests in the "authentication" scope whose country code is in the list.
    # GEO_COUNTRY_CODE is a placeholder for the country code to block.
    resource "auth0_network_acl" "example_blocking_request_acl" {
        description = "Example of blocking a request"
        active = true
        priority = 2
        rule {
            action {
                block = true
            }
            match {
                geo_country_codes = ["GEO_COUNTRY_CODE"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    # Blocks requests in the "authentication" scope whose country code is in the list.
    # GEO_COUNTRY_CODE is a placeholder for the country code to block.
    networkACLs:
      - description: Example of blocking a request
        active: true
        priority: 2
        rule:
          action:
            block: true
          match:
            geo_country_codes:
              - GEO_COUNTRY_CODE
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    # The rule is passed as one JSON string; the single quotes keep the shell
    # from interpreting the double quotes inside it.
    # GEO_COUNTRY_CODE is a placeholder for the country code to block.
    auth0 network-acl create \
    --description "Example of blocking a request" \
    --active true \
    --priority 2 \
    --rule '{"action":{"block":true},"match":{"geo_country_codes":["GEO_COUNTRY_CODE"]},"scope":"authentication"}'
    ```
  </Tab>
</Tabs>

### Example of a block page

<Frame>
  <img src="https://mintcdn.com/docs-dev-actions-triggers-prototype/CVqyjpVc9VVKbCsn/docs/images/ja-jp/cdy7uua7fh8z/34bruOvQ9n8CpMW1DndkYn/fb87ec4a0c9218caed2e0c49d1a7459a/Tenant_ACL_-_Block_page_example.png?fit=max&auto=format&n=CVqyjpVc9VVKbCsn&q=85&s=70ad58808775d284391c9ae40738a3ca" alt="" width="1200" height="446" data-path="docs/images/ja-jp/cdy7uua7fh8z/34bruOvQ9n8CpMW1DndkYn/fb87ec4a0c9218caed2e0c49d1a7459a/Tenant_ACL_-_Block_page_example.png" />
</Frame>

## Allow a request

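Here is an example of a Tenant ACL rule that allows traffic only from a specific geolocation country code. The rule body shown only matches that country and sets `allow`; it contains nothing that rejects requests from other countries, so denying everything else requires an additional `block` rule, for example one that uses `not_match` as shown under Complex comparisons.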

<Tabs>
  <Tab title="Management API">
    To create this Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/ja-jp/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `create:network_acls` scope.
    2. Call the Management API [Create access control list](/docs/ja-jp/api/management/v2/network-acls/post-network-acls) endpoint with the following body:

       ```json lines theme={null}
       {
         "description": "Example of allowing a request",
         "active": true,
         "priority": 2,
         "rule": {
           "action": {
             "allow": true
           },
           "match": {
             "geo_country_codes": [
               "GEO_COUNTRY_CODE"
             ]
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample2} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```typescript lines theme={null}
    // Rule body: allow requests in the "authentication" scope that match the country.
    // GEO_COUNTRY_CODE is a placeholder. Nothing in this rule rejects other countries.
    const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
      description: "Example of allowing a request",
      active: true,
      priority: 2,
      rule: {
        action: {
          allow: true,
        },
        match: {
          geo_country_codes: ["GEO_COUNTRY_CODE"],
        },
        scope: "authentication",
      },
    };

    // `client` is not created in this snippet; it is assumed to be an
    // already-authenticated Management API client.
    const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    # Allows requests in the "authentication" scope whose country code is in the list.
    # GEO_COUNTRY_CODE is a placeholder. Nothing in this rule rejects other countries.
    resource "auth0_network_acl" "example_allowing_request_acl" {
        description = "Example of allowing a request"
        active = true
        priority = 2
        rule {
            action {
                allow = true
            }
            match {
                geo_country_codes = ["GEO_COUNTRY_CODE"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    # Allows requests in the "authentication" scope whose country code is in the list.
    # GEO_COUNTRY_CODE is a placeholder. Nothing in this rule rejects other countries.
    networkACLs:
      - description: Example of allowing a request
        active: true
        priority: 2
        rule:
          action:
            allow: true
          match:
            geo_country_codes:
              - GEO_COUNTRY_CODE
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    # The rule is passed as one JSON string; the single quotes keep the shell
    # from interpreting the double quotes inside it.
    # GEO_COUNTRY_CODE is a placeholder. Nothing in this rule rejects other countries.
    auth0 network-acl create \
    --description "Example of allowing a request" \
    --active true \
    --priority 2 \
    --rule '{"action":{"allow":true},"match":{"geo_country_codes":["GEO_COUNTRY_CODE"]},"scope":"authentication"}'
    ```
  </Tab>
</Tabs>

## Redirect a request

Here is an example of a Tenant ACL rule that redirects all traffic from a specific geolocation country code.

<Tabs>
  <Tab title="Management API">
    To create this Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/ja-jp/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `create:network_acls` scope.
    2. Call the Management API [Create access control list](/docs/ja-jp/api/management/v2/network-acls/post-network-acls) endpoint with the following body:

       ```json lines theme={null}
       {
         "description": "Example of redirecting a request",
         "active": true,
         "priority": 2,
         "rule": {
           "action": {
             "redirect": true,
             "redirect_uri": "REDIRECT_URI"
           },
           "match": {
             "geo_country_codes": [
               "GEO_COUNTRY_CODE"
             ]
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample3} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```typescript lines theme={null}
    // Rule body: redirect requests in the "authentication" scope that match the country.
    // REDIRECT_URI is a placeholder for the destination URL, GEO_COUNTRY_CODE for the
    // country whose requests are redirected.
    const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
      description: "Example of redirecting a request",
      active: true,
      priority: 2,
      rule: {
        action: {
          redirect: true,
          redirect_uri: "REDIRECT_URI",
        },
        match: {
          geo_country_codes: ["GEO_COUNTRY_CODE"],
        },
        scope: "authentication",
      },
    };

    // `client` is not created in this snippet; it is assumed to be an
    // already-authenticated Management API client.
    const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    # Redirects requests in the "authentication" scope whose country code is in the list.
    # REDIRECT_URI is a placeholder for the destination URL, GEO_COUNTRY_CODE for the
    # country whose requests are redirected.
    resource "auth0_network_acl" "example_redirecting_request_acl" {
        description = "Example of redirecting a request"
        active = true
        priority = 2
        rule {
            action {
                redirect = true
                redirect_uri = "REDIRECT_URI"
            }
            match {
                geo_country_codes = ["GEO_COUNTRY_CODE"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    # Redirects requests in the "authentication" scope whose country code is in the list.
    # REDIRECT_URI is a placeholder for the destination URL, GEO_COUNTRY_CODE for the
    # country whose requests are redirected.
    networkACLs:
      - description: Example of redirecting a request
        active: true
        priority: 2
        rule:
          action:
            redirect: true
            redirect_uri: REDIRECT_URI
          match:
            geo_country_codes:
              - GEO_COUNTRY_CODE
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    # The rule is passed as one JSON string; the single quotes keep the shell
    # from interpreting the double quotes inside it.
    # REDIRECT_URI and GEO_COUNTRY_CODE are placeholders to replace before running.
    auth0 network-acl create \
    --description "Example of redirecting a request" \
    --active true \
    --priority 2 \
    --rule '{"action":{"redirect":true,"redirect_uri":"REDIRECT_URI"},"match":{"geo_country_codes":["GEO_COUNTRY_CODE"]},"scope":"authentication"}'
    ```
  </Tab>
</Tabs>

## Complex comparisons

You can combine the `match` and `not_match` operators in a single Tenant ACL rule to enforce fine-grained access policies.

Here is an example of a Tenant ACL rule that evaluates the `geo_country_code` and `geo_subdivision_code` signals to block all traffic from a given country except for a specific state, region, or province within that country.

<Tabs>
  <Tab title="Management API">
    To create this Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/ja-jp/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `create:network_acls` scope.
    2. Call the Management API [Create access control list](/docs/ja-jp/api/management/v2/network-acls/post-network-acls) endpoint with the following body:

       ```json lines theme={null}
       {
         "description": "Example of a complex comparison",
         "active": true,
         "priority": 1,
         "rule": {
           "action": {
             "block": true
           },
           "match": {
             "geo_country_codes": [
               "GEO_COUNTRY_CODE"
             ]
           },
           "not_match": {
             "geo_subdivision_codes": [
               "GEO_SUBDIVISION_CODE"
             ]
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample4} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```typescript lines theme={null}
    // Rule body: match and not_match combined. Block requests from GEO_COUNTRY_CODE
    // unless they come from GEO_SUBDIVISION_CODE (both are placeholders).
    const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
      description: "Example of a complex comparison",
      active: true,
      priority: 1,
      rule: {
        action: {
          block: true,
        },
        match: {
          geo_country_codes: ["GEO_COUNTRY_CODE"],
        },
        not_match: {
          geo_subdivision_codes: ["GEO_SUBDIVISION_CODE"],
        },
        scope: "authentication",
      },
    };

    // `client` is not created in this snippet; it is assumed to be an
    // already-authenticated Management API client.
    const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    # match and not_match combined: block requests from GEO_COUNTRY_CODE unless they
    # come from GEO_SUBDIVISION_CODE (both are placeholders).
    resource "auth0_network_acl" "example_complex_comparison_acl" {
        description = "Example of a complex comparison"
        active = true
        priority = 1
        rule {
            action {
                block = true
            }
            match {
                geo_country_codes = ["GEO_COUNTRY_CODE"]
            }
            not_match {
                geo_subdivision_codes = ["GEO_SUBDIVISION_CODE"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    # match and not_match combined: block requests from GEO_COUNTRY_CODE unless they
    # come from GEO_SUBDIVISION_CODE (both are placeholders).
    networkACLs:
      - description: Example of a complex comparison
        active: true
        priority: 1
        rule:
          action:
            block: true
          match:
            geo_country_codes:
              - GEO_COUNTRY_CODE
          not_match:
            geo_subdivision_codes:
              - GEO_SUBDIVISION_CODE
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    # The rule is passed as one JSON string; the single quotes keep the shell
    # from interpreting the double quotes inside it.
    # GEO_COUNTRY_CODE and GEO_SUBDIVISION_CODE are placeholders to replace before running.
    auth0 network-acl create \
    --description "Example of a complex comparison" \
    --active true \
    --priority 1 \
    --rule '{"action":{"block":true},"match":{"geo_country_codes":["GEO_COUNTRY_CODE"]},"not_match":{"geo_subdivision_codes":["GEO_SUBDIVISION_CODE"]},"scope":"authentication"}'
    ```
  </Tab>
</Tabs>
