# Traffic Permissions

Traffic Permissions allow you to determine security rules for services that consume other services via their Tags. It is a very useful policy to increase security in the Mesh and compliance in the organization.

You can determine what source services are allowed to consume specific destination services. The service field is mandatory in both sources and destinations.

In Kuma 0.4.0 the sources field only allows for service and only service will be enforced. This limitation will disappear in the next version of Kuma.

In the example below, the destinations includes not only the service property, but also an additional version tag. You can include any arbitrary tags to any Dataplane

On Universal:

type: TrafficPermission
name: permission-1
mesh: default
sources:
  - match:
      service: backend
destinations:
  - match:
      service: redis
      version: '5.0'
1
2
3
4
5
6
7
8
9
10

On Kubernetes:

apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  namespace: default
  name: permission-1
spec:
  sources:
    - match:
        service: backend
  destinations:
    - match:
        service: redis
        version: '5.0'
1
2
3
4
5
6
7
8
9
10
11
12
13
14

Match-All: You can match any value of a tag by using *, like version: '*'.