Access Policies Overview

Q. What if I want an extra layer of control over which machines of mine use the Uptrack service?

Q. I manage Uptrack-enabled machines for other people. How can they use the service while I still control which machines have access?

A. Customize your Uptrack access policies!

Each machine under your access key is either allowed or denied access to the Uptrack server. A machine that is denied access cannot receive updates, and you are not charged for it.

You can set access policies for individual or groups of existing machines as well as set a default access policy for new machines.

How can I allow or deny existing machines?

Manage from the web interface

Individual machines can be allowed or denied access to the Uptrack server from the Allow/Deny Policies page on your web interface. You can also bulk allow or deny machines on that page.

Manage from the API

Machines can also be allowed or denied via the Uptrack API's authorize request. The client library ships with an example script called authorize-uuid which allows and denies machines using the Python bindings.

How can I deny new machines by default?

Manage from the web interface

Your account can use one of two policies for machines new to the Uptrack service:

• Allow new machines by default (default allow)
• Deny new machines by default (default deny)

This policy can be changed on the Settings page on your web interface.

Under a default allow policy, new machines connecting to the Ksplice Uptrack service using your access key are immediately allowed to receive and install updates from the Uptrack server. Once they connect for the first time they will show up on your web interface as "allowed" unless you change their allow/deny policies.

Under a default deny policy, new machines are denied access unless you allow them through the web interface or API. They are displayed in a special "pending" state on your status interface for easy monitoring until they have been explicitly allowed or denied: