Tailscale Grants: Unified Network & Application Access Control
Blog post from Tailscale
Tailscale has introduced "grants" as an evolution of Access Control Lists (ACLs), extending access management from the network layer to the application layer. This development allows for more granular access controls, enabling users to integrate Tailscale's robust access policies within their own applications. The new grants feature unifies network and application access rules, enhancing readability and usability while maintaining compatibility with existing ACLs. Examples of grants' applications include TailSQL, a web SQL playground that restricts access based on user roles; Setec, a secrets manager that provides fine-grained control over secret access; a Kubernetes auth proxy that simplifies RBAC rules through group impersonation; and Golink, a project for managing private short links with the ability to assign administrative roles. Tailscale plans to further integrate grants into its security toolkit, with future enhancements expected to streamline policy management and application security.
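As an added illustration (not taken from the blog post or this summary), the policy file sketch below shows a legacy ACL rule next to a grant that carries both a network rule and an application capability for the Kubernetes auth proxy case. It follows Tailscale's documented HuJSON policy syntax, which permits comments and trailing commas; `group:eng`, the user addresses, the `tag:k8s-operator` tag and the `tailnet-readers` Kubernetes group are constructed names for the example.

```json
{
  // Constructed names throughout: group:eng, the example.com users,
  // and the Kubernetes group "tailnet-readers".
  "groups": {
    "group:eng": ["alice@example.com", "bob@example.com"],
  },
  "tagOwners": {
    "tag:k8s-operator": ["group:eng"],
  },

  // Existing network-layer rule in ACL form. ACLs and grants can live
  // in the same policy file, so this can stay in place during migration.
  "acls": [
    {
      "action": "accept",
      "proto": "tcp",
      "src": ["group:eng"],
      "dst": ["tag:k8s-operator:443"],
    },
  ],

  "grants": [
    {
      // Network layer: same source, destination and port as the ACL above.
      // Without the "app" block this grant is just the network rule.
      "src": ["group:eng"],
      "dst": ["tag:k8s-operator"],
      "ip": ["tcp:443"],

      // Application layer: a capability the destination reads for the
      // connecting peer. Here the Kubernetes proxy is told which
      // Kubernetes group to impersonate for members of group:eng.
      "app": {
        "tailscale.com/cap/kubernetes": [
          {
            "impersonate": {
              "groups": ["tailnet-readers"],
            },
          },
        ],
      },
    },
  ],
}
```

The impersonated group carries only the permissions the cluster's own RoleBinding or ClusterRoleBinding gives it, so a narrowly scoped group such as the constructed `tailnet-readers` keeps the grant least-privilege where a built-in group like `system:masters` would not.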