From b84c455dbb51e9772adbeaba064e3d6535f6085e Mon Sep 17 00:00:00 2001
From: ron-savoia <104083590+ron-savoia@users.noreply.github.com>
Date: Fri, 24 Mar 2023 08:57:16 -0400
Subject: [PATCH] docs: added section of needed ACL rules for Nomad UI (#16494)

---
 .../docs/other-specifications/acl-policy.mdx     | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/website/content/docs/other-specifications/acl-policy.mdx b/website/content/docs/other-specifications/acl-policy.mdx
index daca255c3..3a248237b 100644
--- a/website/content/docs/other-specifications/acl-policy.mdx
+++ b/website/content/docs/other-specifications/acl-policy.mdx
@@ -382,6 +382,22 @@ The `policy` field for the plugin rule can have one of the following values:
 - `deny`: do not allow the resource to be read or modified. Deny takes
   precedence when multiple policies are associated with a token.
 
+## Configuring ACLs for the web UI
+
+The Nomad web UI uses the API endpoints `/v1/agent` and `/v1/node` for nearly
+every page. ACL policies for users who will use the Nomad UI should include the
+following rules.
+
+```hcl
+node {
+  policy = "read"
+}
+
+agent {
+  policy = "read"
+}
+```
+
 
 [Secure Nomad with Access Control]: /nomad/tutorials/access-control
 [hcl]: https://github.com/hashicorp/hcl