From 1251c1ded9685ac5d4aa28aebc4e6d0ac08d9f43 Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Fri, 10 May 2024 16:42:10 -0400
Subject: [PATCH] docs: note that plugin policy is required in the UI for CSI
 volumes (#20557)

The ACL docs have a section explaining that some parts of the UI need slightly
wider read permissions than expected. These docs should include that you need
`plugin:read` to look at CSI volume pages in the UI.

Fixes: https://github.com/hashicorp/nomad/issues/18527
---
 website/content/docs/other-specifications/acl-policy.mdx | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/website/content/docs/other-specifications/acl-policy.mdx b/website/content/docs/other-specifications/acl-policy.mdx
index 749fec003..8e443d427 100644
--- a/website/content/docs/other-specifications/acl-policy.mdx
+++ b/website/content/docs/other-specifications/acl-policy.mdx
@@ -461,6 +461,14 @@ agent {
 }
 ```
 
+Additionally, ACL policies for users who can read jobs that mount CSI volumes
+should include the following rules.
+
+```hcl
+plugin {
+  policy = "read"
+}
+```
 
 [Secure Nomad with Access Control]: /nomad/tutorials/access-control
 [hcl]: https://github.com/hashicorp/hcl