Skip to main content

Documentation Index

Fetch the complete documentation index at: https://ona.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Control whether users can expose ports from environments to the network and who can access those shared ports. Useful when:
  • Preventing accidental exposure of development services
  • Enforcing network security policies
  • Restricting access to internal services

Port access levels

When port authentication is available, each shared port can use one of these access levels:
Dashboard labelCLI valueWho can access it
Creator onlycreator_onlyOnly the environment creator after signing in
Organization members onlyorganizationSigned-in members of the same organization
Anyone (no login required)everyoneAnyone who can reach the URL
If you narrow a port from everyone to a more restrictive level, existing browser sessions must authenticate again before the port loads.

Settings

Port sharing policy settings showing the Disable port sharing toggle and Maximum port admission level dropdown

Disable port sharing

Check Disable port sharing to block user-initiated shared ports in the dashboard and CLI. Use this when your organization does not allow externally reachable development services at all.

Maximum port admission level

Use Maximum port admission level to cap the most permissive access level members can choose when opening or editing a port.
SettingWhat users can choose
Creator onlyOnly creator_only
Organization members onlycreator_only or organization
Anyone (no login required)creator_only, organization, or everyone
When the cap is lower than a user’s requested access level, the dashboard disables the blocked options and the CLI/API rejects wider access levels.

How the controls interact

These controls are orthogonal:
  • Disable port sharing answers “can users open shared ports at all?”
  • Maximum port admission level answers “if they can open a port, how broadly may they share it?”
If Disable port sharing is turned on, it takes precedence and the maximum-admission dropdown becomes inactive until port sharing is re-enabled. For the user-facing flow for opening ports, see Port sharing. For the browser retry flow, see Access denied and retry.

Exemptions

VS Code Browser and agents are exempt from this policy and continue to work when port sharing is disabled. Only user-initiated port sharing is affected.

Effect on users

  • Dashboard users cannot choose admission levels above the configured cap
  • CLI users cannot open ports when port sharing is disabled, and ona environment port open --admission ... fails if the requested level exceeds the cap
  • Users see a notification or error explaining the restriction
  • VS Code Browser and agents remain functional