Merge pull request #3966 from hashicorp/docs-ui-acls

website: add UI section to ACL guide
hashicorp · Mar 19, 2018 · 9e4b10a · 9e4b10a
2 parents da2d530 + 6fb94ff
commit 9e4b10a
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/website/source/docs/guides/acl.html.md b/website/source/docs/guides/acl.html.md
@@ -482,6 +482,28 @@ default.
 If using [`acl_token`](/docs/agent/options.html#acl_token), then it's likely the anonymous
 token will have a more restrictive policy than shown in the examples here.
 
+#### Create Tokens for UI Use (Optional)
+
+If you utilize the Consul UI with a restrictive ACL policy, as above, the UI will
+not function fully using the anonymous ACL token. It is recommended
+that a UI-specific ACL token is used, which can be set in the UI during the
+web browser session to authenticate the interface.
+
+```text
+$ curl \
+    --request PUT \
+    --header "X-Consul-Token: b1gs33cr3t" \
+    --data \
+'{
+  "Name": "UI Token",
+  "Type": "client",
+  "Rules": "key \"\" { policy = \"write\" } node \"\" { policy = \"read\" } service \"\" { policy = \"read\" }"
+}' http://127.0.0.1:8500/v1/acl/create
+{"ID":"d0a9f330-2f9d-0a8c-d2af-1e9ceda354e6"}
+```
+
+The token can then be set on the "settings" page of the UI.
+
 #### Next Steps
 
 The examples above configure a basic ACL environment with the ability to see all nodes