diff --git a/ipn/ipnauth/access.go b/ipn/ipnauth/access.go
index 53934c64b..74c663922 100644
--- a/ipn/ipnauth/access.go
+++ b/ipn/ipnauth/access.go
@@ -5,7 +5,10 @@ package ipnauth
 
 // ProfileAccess is a bitmask representing the requested, required, or granted
 // access rights to an [ipn.LoginProfile].
-type ProfileAccess uint32
+//
+// It is not to be written to disk or transmitted over the network in its integer form,
+// but rather serialized to a string or other format if ever needed.
+type ProfileAccess uint
 
 // Define access rights that might be granted or denied on a per-profile basis.
 const (
diff --git a/ipn/ipnauth/actor.go b/ipn/ipnauth/actor.go
index 2c713e441..92e3b202f 100644
--- a/ipn/ipnauth/actor.go
+++ b/ipn/ipnauth/actor.go
@@ -27,8 +27,9 @@ type Actor interface {
 // a connected LocalAPI client. Otherwise, it returns a zero value and false.
 ClientID() (_ ClientID, ok bool)
 
- // CheckProfileAccess checks whether the actor has the requested access rights
- // to the specified Tailscale profile. It returns an error if the access is denied.
+ // CheckProfileAccess checks whether the actor has the necessary access rights
+ // to perform a given action on the specified Tailscale profile.
+ // It returns an error if access is denied.
 CheckProfileAccess(profile ipn.LoginProfileView, requestedAccess ProfileAccess) error
 
 // IsLocalSystem reports whether the actor is the Windows' Local System account.
diff --git a/util/syspolicy/policy_keys.go b/util/syspolicy/policy_keys.go
index d970a4a3c..ec5e83b18 100644
--- a/util/syspolicy/policy_keys.go
+++ b/util/syspolicy/policy_keys.go
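Review bot: The new doc comment on `ProfileAccess` in ipn/ipnauth/access.go explains that the integer form must not be persisted, but it does not say that `uint` is only 32 bits wide on 32-bit builds, so only the low 32 bits of this access-rights mask are portable. I would add a line such as `// Its width is platform-dependent; define no more than 32 access bits.` to the comment. Nothing visible here enforces the no-serialization rule either, so a `String` method or similar would make the intended encoding the obvious one. The const block that defines the bits begins at the end of the hunk and continues outside it, so I cannot tell how many bits are in use today.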
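Review bot: In ipn/ipnauth/actor.go the reworded comment on `CheckProfileAccess` now speaks of the rights "necessary ... to perform a given action", but the parameter is still named `requestedAccess` and the comment never mentions it. For an authorization check the reader needs to know whether every bit in the mask must be granted or any one suffices; the hunk does not show which. If it is the former, add `// All rights in requestedAccess must be granted; otherwise an error is returned.` The Actor interface starts and ends outside the hunk.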
@@ -33,6 +33,7 @@ const (
 //
 // Warning: This policy setting is experimental and may change or be removed in the future.
 // It may also not be fully supported by all Tailscale clients until it is out of experimental status.
+ // See tailscale/corp#26247, tailscale/corp#26248 and tailscale/corp#26249 for more information.
 AlwaysOn Key = "AlwaysOn"
 
 // ExitNodeID is the exit node's node id. default ""; if blank, no exit node is forced.
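Review bot: The added `See tailscale/corp#...` line in util/syspolicy/policy_keys.go only links to three issues in another repository, and the warning above it still does not say which clients honour `AlwaysOn`. If administrators are expected to treat this key as an enforcement control (the name suggests so, but the hunk does not show it), the comment should state the gap itself, for example `// Clients that do not yet support this key ignore it; do not rely on it as the only control.` Whether every reader of this file can open the referenced tracker is not visible from the diff, so a one-line summary per issue would be safer than the bare references. The const block continues outside the hunk.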