ACLs
An ACL in Knocknoc is an important mapping between a Backend and ACL name, which is an argument passed into the Backend method.
For example, if you have a Backend that is a script that updates an AWS security group, you can put the security group ID as the ACL name, and the script can use that to update the correct group for the users who have access.
Another example is an HAproxy ACL id. These are numeric in memory lists of IPs, say "405", and here you can map "405" to "Confluence", on the backend "Confluence Haproxy".
For IPSets, the ACL Name needs to match the pre-defined IPSet described here.
ACLs are then mapped to Groups, so people in the right group get the set of ACLs assigned to them.
ACL configurations also support "require click to grant" as an option (from version 7.0).
This requires the user to click a button after logging in, prior to each grant being processed. This offers an additional layer of security and interactive workflow.
These can be configured per-ACL: