> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.generaltranslation.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure Rules

> Learn how to configure Tenant Access Control List (ACL) rules with the Auth0 Management API.

export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  const [processedChildren, setProcessedChildren] = useState(children);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      unsubscribe = window.autorun(() => {
        let processedChildren = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          processedChildren = processedChildren.replace(new RegExp(key, "g"), value);
        }
        setProcessedChildren(processedChildren);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  return <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
      {processedChildren}
    </CodeBlock>;
};

export const codeExample1 = `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Description: auth0.String("Block all traffic from China"),
		Active:      auth0.Bool(true),
		Priority:    auth0.Int(1),
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Block: auth0.Bool(true),
			},
			Match: &management.NetworkACLRuleMatch{
				GeoCountryCodes: &[]string{"CN"},
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Create(context.Background(), networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been created")
}`;

export const codeExample2 = `package main

import (
	"context"
	"log"

	"github.com/auth0/go-auth0"
	"github.com/auth0/go-auth0/management"
)

func main() {
	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
	if err != nil {
		log.Fatal(err)
	}

	networkACL := &management.NetworkACL{
		Rule: &management.NetworkACLRule{
			Action: &management.NetworkACLRuleAction{
				Log: auth0.Bool(true),
			},
			Scope: auth0.String("authentication"),
		},
	}

	err = mgmt.NetworkACL.Patch(context.Background(), "YOUR_TENANT_ACL_ID", networkACL)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("Network ACL has been updated to enable monitoring mode")
}`;

You can configure Tenant Access Control List (ACL) rules with the Auth0 <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-0" href="/docs/ja-JP/ja-jp/glossary?term=management-api" tip="Management API: 顧客が管理タスクを実行できるようにするための製品。" cta="用語集の表示">Management API</Tooltip>.

<div id="available-actions">
  ## Available actions
</div>

You can view, create, update, overwrite, and delete Tenant ACL rules with the Management API.

<table class="table">
  <thead>
    <tr>
      <th><strong>Action</strong></th>
      <th><strong>Endpoint</strong></th>
      <th><strong>Require scope</strong></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>View a rule</td>
      <td><a href="/docs/ja-JP/ja-jp/api/management/v2/network-acls/get-network-acls-by-id">Get a specific access control list entry for a tenant</a></td>
      <td>`read:network_acls`</td>
    </tr>

    <tr>
      <td>View all rules</td>
      <td><a href="/docs/ja-JP/ja-jp/api/management/v2/network-acls/get-network-acls">Get all access control list entries for a tenant</a></td>
      <td>`read:network_acls`</td>
    </tr>

    <tr>
      <td>Create a rule</td>
      <td><a href="/docs/ja-JP/ja-jp/api/management/v2/network-acls/post-network-acls">Create access control list</a></td>
      <td>`create:network_acls`</td>
    </tr>

    <tr>
      <td>Update a rule</td>
      <td><a href="/docs/ja-JP/ja-jp/api/management/v2/network-acls/patch-network-acls-by-id">Partial update for an access control list</a></td>
      <td>`update:network_acls`</td>
    </tr>

    <tr>
      <td>Overwrite a rule</td>
      <td><a href="/docs/ja-JP/ja-jp/api/management/v2/network-acls/put-network-acls-by-id">Update access control list</a></td>
      <td>`update:network_acls`</td>
    </tr>

    <tr>
      <td>Delete a rule</td>
      <td><a href="/docs/ja-JP/ja-jp/api/management/v2/network-acls/delete-network-acls-by-id">Delete access control list</a></td>
      <td>`delete:network_acls`</td>
    </tr>
  </tbody>
</table>

<div id="parameters">
  ## Parameters
</div>

For detailed information about Tenant ACL parameters and how to use them, read [Reference](/docs/ja-JP/ja-jp/secure/tenant-access-control-list/reference).

<table class="table">
  <thead>
    <tr>
      <th><strong>Parameter</strong></th>
      <th><strong>Data type</strong></th>
      <th><strong>Description</strong></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>`description`</td>
      <td>string</td>
      <td>Describes the purpose or functionality of the rule.</td>
    </tr>

    <tr>
      <td>`active`</td>
      <td>boolean</td>
      <td>Enables or disables the rule.</td>
    </tr>

    <tr>
      <td>`priority`</td>
      <td>number</td>
      <td>Numerical value that determines the order in which the rule is evaluated. Lower values indicate higher priority.</td>
    </tr>

    <tr>
      <td>`rule`</td>
      <td>object</td>
      <td>Contains the following properties:<ul><li>`action`: object. Contains the action the rule performs.</li><li>`match`: object. Defines the conditions that the incoming request must fulfill.</li><li>`not_match`: object. Defines the conditions that the incoming request must not fulfill.</li><li>`scope`: string. Service or context in which the rule is enforced.</li></ul></td>
    </tr>
  </tbody>
</table>

<div id="examples">
  ## Example: Block all traffic from a given country
</div>

Here’s an example of a Tenant ACL rule that blocks all incoming traffic from China.

<Tabs>
  <Tab title="Management API">
    To create a Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/ja-JP/ja-jp/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `create:network_acls` scope.
    2. Call the Management API [Create access control list](/docs/ja-JP/ja-jp/api/management/v2/network-acls/post-network-acls) endpoint with the following body:

       ```json lines theme={null}
       {
         "description": "Block all traffic from China",
         "active": true,
         "priority": 1,
         "rule": {
           "action": {
             "block": true
           },
           "match": {
             "geo_country_codes": ["CN"]
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample1} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```javascript lines theme={null}
    const createNetworkAclPayload: Management.CreateNetworkAclRequestContent = {
      description: "Block all traffic from China",
      active: true,
      priority: 1,
      rule: {
        action: {
          block: true
        },
        match: {
          geo_country_codes: ["CN"]
        },
        scope: "authentication"
      }
    };

    const createNetworkAcl = await client.networkAcls.create(createNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    resource "auth0_network_acl" "block_traffic_acl" {
        description = "Block all traffic from China"
        active = true
        priority = 1
        rule {
            action {
                block = true
            }
            match {
                geo_country_codes = ["CN"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    networkACLs:
      - description: Block all traffic from China
        active: true
        priority: 1
        rule:
          action:
            block: true
          match:
            geo_country_codes:
              - CN
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    auth0 network-acl create \
      --description "Block all traffic from China" \
      --priority 1 \
      --active true \
      --rule '{"action":{"block":true},"match":{"geo_country_codes":["CN"]},"scope":"authentication"}'
    ```
  </Tab>
</Tabs>

<div id="toggle-monitoring-mode-for-a-rule">
  ## Toggle monitoring mode for a rule
</div>

You can enable or disable [monitoring mode](/docs/ja-JP/ja-jp/secure/tenant-access-control-list) for a Tenant ACL rule by setting the `rule.action.log` object to `true` or `false`, respectively.

### Example: Enable monitoring mode for an existing Tenant ACL rule

<Tabs>
  <Tab title="Management API">
    To enable monitoring mode for a Tenant ACL rule with the Management API:

    1. [Get a Management API access token](/docs/ja-JP/ja-jp/secure/tokens/access-tokens/management-api-access-tokens/get-management-api-access-tokens-for-production) with the `update:network_acls` scope.
    2. Call the Management API [Partial update for an access control list](/docs/ja-JP/ja-jp/api/management/v2/network-acls/patch-network-acls-by-id) endpoint with the following body:

       ```json lines theme={null}
       {
         "rule": {
           "action": {
             "log": true
           },
           "scope": "authentication"
         }
       }
       ```
  </Tab>

  <Tab title="Go SDK">
    <AuthCodeBlock children={codeExample2} language="go" />
  </Tab>

  <Tab title="Node SDK">
    ```javascript lines theme={null}
    const updateNetworkAclPayload: Management.UpdateNetworkAclRequestContent = {
      rule: {
        action: {
          log: true,
        },
        scope: "authentication"
      }
    };

    const updateNetworkAcl = await client.networkAcls.update("YOUR_TENANT_ACL_ID", updateNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    ```hcl lines theme={null}
    resource "auth0_network_acl" "block_traffic_acl" {
        description = "Block all traffic from China"
        active = true
        priority = 1
        rule {
            action {
                block = true
                log = true
            }
            match {
                geo_country_codes = ["CN"]
            }
            scope = "authentication"
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml lines theme={null}
    networkACLs:
      - description: Block all traffic from China
        active: true
        priority: 1
        rule:
          action:
            block: true
            log: true
          match:
            geo_country_codes:
              - CN
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```sh lines theme={null}
    auth0 network-acl update YOUR_TENANT_ACL_ID --action log
    ```
  </Tab>
</Tabs>
