What are the minimum permissions needed to allow local management of Zero Trust tunnels?

Presently I’ve set out team as “Administrators” over “All Domains” to allow them to click “Authorize” when running “cloudflared tunnel login”.

However this seems to be far greater access than I’d like.
Can you please tell me what the minimum level of permissions required would be for them to be able to

  1. cloudflared tunnel login
  2. cloudflared tunnel create whatever
  3. cloudflared tunnel route dns whatever.my.domain
  4. cloudflared tunnel run --url=“https://localhost:9999” whatever

Hi @hailwood ,

Currently Zero Trust, and cloudflared tunnels do not have such granular permissions controls.

I would recommend opening a feature request thread with the Team to see if there is something which can be done for the future:

Thank you.

1 Like

Thank you @oshariff,
So is “Administrators” over “All Domains” currently the optimal setup?

Feature request for future visitors: Granular permissions for cloudflare tunnels

Hi @hailwood,

I would not use the word ‘optimal’
It is a very basic permission set up, either you have access or no access, unfortunately.

Thank you.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.