schmichael · February 10, 2026 00:33
diff --git a/acl.hcl b/acl.hcl
 acl {
  enabled = true
 }
diff --git a/allow-op.hcl b/allow-op.hcl
 operator {
  policy = "write"
 }
diff --git a/example.hcl b/example.hcl
 # See https://developer.hashicorp.com/nomad/docs/secure/acl/policies for ACL Policy details

 # Example policy structure:

 namespace "default" {
  policy = "deny"
  capabilities = []
 }

 namespace "example-ns" {
  policy = "deny"
  capabilities = ["list-jobs", "read-job"]
  variables {
    # list access to variables in all paths, full access in nested/variables/*
    path "*" {
      capabilities = ["list"]
    }
    path "nested/variables/*" {
      capabilities = ["write", "read", "destroy", "list"]
    }
  }
 }

 host_volume "example-volume" {
  policy = "deny"
 }

 agent {
  policy = "deny"
 }

 node {
  policy = "deny"
 }

 quota {
  policy = "deny"
 }

 operator {
  policy = "deny"
 }
	# See https://developer.hashicorp.com/nomad/docs/secure/acl/policies for ACL Policy details

	# Example policy structure:

	namespace "default" {
	policy = "deny"
	capabilities = []
	}

	namespace "example-ns" {
	policy = "deny"
	capabilities = ["list-jobs", "read-job"]
	variables {
	# list access to variables in all paths, full access in nested/variables/*
	path "*" {
	capabilities = ["list"]
	}
	path "nested/variables/*" {
	capabilities = ["write", "read", "destroy", "list"]
	}
	}
	}

	host_volume "example-volume" {
	policy = "deny"
	}

	agent {
	policy = "deny"
	}

	node {
	policy = "deny"
	}

	quota {
	policy = "deny"
	}

	operator {
	policy = "deny"
	}
No results found