Welcome @Andy Thorne and thanks for the PR on the PHP SDK - we are looking into it now 🙏

Hey, thanks, it's no problem at all! let me know if it needs any changes, happy to help!

Hi - is it possible to add multiple roles in a resource policy example - apiVersion: api.cerbos.dev/v1 resourcePolicy: version: "default" resource: "CreateOrg" rules: - actions: - * effect: EFFECT_ALLOW roles: - admin_mgmt - user_mgmt - hr_mgmt

Hi - Is it possible to store the audit logs in mysql and view in grafana or is there any other recommended way to view the audit logs?

Hi - can I get any sample/demo code which is using git as storage method?

Anyone using Cerbos with an analytics tool to filter data? (Tableau, AWS Quicksight, etc)

Additionally, what’s involved in writing a different ORM integration or just some queries from the PlanResources api?

Hi - Is it possible to do CRUD operation of policies using API? Especially update and delete policies

Hi - can we use same mysql instance and create a database for cerbos, and create another database for our application?

Hi, I see when I read some of hte docs that the policies are stored in yaml. In the How it Works it says the policy repository can be either git, disk or database. If its git or disk then I assume theres are multiple or single yaml files (not sure which yet) for each resource. If you use the db are the yamls files just added as a single entry in one column of a table or are they stored in different tables/columns and when you do a query it builds a yaml from them tables or something?

Hi, I am new to kubernetes, Can someone point to some resources for deploying cerbos as a sidecar to my main application and accessing cerbos withing my application on kubernetes

hi, is it possible to add release notes to python sdk? we can't see what's changed via dependabot pr's. just saw a release for 0.7.1, but 0.7.0 was published on pypi last week.

Hi, Cerbos team I have a policy condition like this

expr: request.resource.attr.share_read_list.exists(t, t.id == request.principal.id)

and I would like to implement it and add a list of string in resouce attr in Rust, but it said AttrVal wasn't implemented for list, vec, or iter May you give me some example of this

Hello everyone, i am new to the Cerbos community, looking forward to contributing and getting involved with the community and also looking forward to the opportunities to grow..

Heyho 👋 I’m new here, too. I have currently been exploring typesafe access to cerbos client based on cerbos schemas and made a little codegen POC, @estino/cerbos-ts-codegen. Has anyone worked on sth similar yet and wants to bounce ideas & findings?

hello.. where to start if want to onboard with this tool ?

hello. can cerbos works with IDP like Azure AD ? thanks

Hello guys

I am very new to Cerbos, could you please suggest to me what i did wrong here?

---
apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: "default"

  # Importing `identity_roles` in so they can be used in the resource policy.
  importDerivedRoles:
    - identity_roles

  # This resource file is reviewed for when checking permissions when a resource
  # is of `kind` "user_request"
  resource: user_request
  rules:

    # If the `principal`s role is `admin` then all the actions are allowed.
    - actions: [ "*" ]
      roles:
        - root
      effect: EFFECT_ALLOW

    # A `admin_that_owns_the_tenant` can only access `user_request` that belong to resources in
    # their tenant,
    - actions: [ "*" ]
      roles:
        - admin
      effect: EFFECT_ALLOW
      condition:
        match:
          expr: request.resource.attr.tenant == request.principal.tenant

getting "error":"failed to get check for [user_requ est.default]: policy compilation error: 1 compilation errors\nresource user request.yaml Invalid expression in resource rule 'rule-002' (failed to compile

request.resource.attr.tenant == request.principal.tenant

[undefined field 'tenant'])"}

regardless i set tenant atribute in both resource and principal during request

Hey just a heads up that this week a lot of the Cerbos team is hitting the road - we will be at both Collision in Toronto and GopherCon Europe in Berlin and hopefully see a few of you there. Response here from us maybe a tad slower than usual, but we will answers anything that comes up when we can. Thanks!

What's the point of JSON resource schemas if, if the resource is shape is malformed, the request will be denied either way?

What's the best practice for ensuring that policies are actually questioned at all in application code?

👋 💎 Hey all, Cerbos didn't have an ORM adapter for Rails / activerecord, so we made a fork of

cerbos-query-plan-adapters

and added one. (Not yet in a gem or well-documented, but it passes all the ORM tests). Sharing it here! https://github.com/mark-piper/cerbos-query-plan-adapters/tree/mark-piper/activerecord

Hello, Cerbos community! We have an exciting announcement - Cerbos has surpassed the 1,500-star mark on GitHub! 🌟 Our journey began with a dream to provide developers with a reliable, efficient, and easy-to-use authorization solution, and each GitHub star we receive fortifies that we’re making a positive impact! To each and every one of you - THANK YOU! 🙌 Your faith in our project is a driving force behind our innovation and inspires us to push boundaries. Thank you once again for joining us on this journey and here’s to the next 1,500 stars! 🚀

Excited to see you guys at CIVO Navigate (List just got released of speakers)! 🎉

🐛 Looks like there's a bug in Cerbos where

request_id

is not logged. I've opened an issue https://github.com/cerbos/cerbos/issues/1690 and a PR to fix it: https://github.com/cerbos/cerbos/pull/1691

Hi guys is Cerbos also under CNCF incubation project ?

Can someone explain different about these different selections (cerbos core vs cerbos cloud) And in which situation we require to go with Cerbos Cloud ? we want to implement authZ for our enterprise customer. we have own development team.