ACL: Read logs on allocations / task overview -> permission denied with "read-logs"


at the moment we have:

# Allow writing to the QA namespace
namespace "backoffice-test" {
    policy = "read"
    capabilities = ["submit-job","dispatch-job","read-logs"]

and the developer can read logs on the task … but the window is a bit small. If you want to read the (same) logs on the same tab, like where also “files” is … then we get a permission denied:

Is it possible to add a permission, so that the developer can also use this “tab” to view the logfiles ?

cu denny

Hi @linuxmail,

When using the UI from this page to read logs, the page will make a call to /v1/node/:node_id in order to find the address of the client running the application you wish to view logs for. I believe adding node { policy = "read" } would then allow this ACL policy to work on that mentioned page.

jrasell and the Nomad team

1 Like


it works :slight_smile:


1 Like