Fork me on GitHub

Teleport

Access Controls FAQ

Improve

Access Controls FAQ

What if a node has multiple labels?

In this case, the access will be granted only if all of the labels defined in the role are present. This effectively means Teleport uses an "AND" operator when evaluating node-level access using labels.

Can I use node-level RBAC with OpenSSH servers?

No. OpenSSH servers running sshd can't label themselves. This is a factor in deciding to run the Teleport Node Service instead.

Why do I see a UUID instead of a hostname when reviewing access requests?

Resource Access Requests embed the UUID of requested resources in order to ensure that extra access isn't mistakenly granted due to overlapping hostnames.

In order for Access Request reviewers to see the hostname, they must either:

  • Have permissions to access the requested server themselves, or
  • Have preview_as_roles set with a role that can access the server