• a

    Alberto Cunha

    1 week ago
    Can anyone give me some help?
    1 replies
  • m

    Maggie Walker

    1 week ago
    Is it possible to do wildcard matching in CEL? e.g:
    R.attr.account_id in P.attr.tenants.*.subaccount_ids
    assuming there were two objects with:
    P.attr.tenants.3.subaccount_ids
    P.attr.tenants.5.subaccount_ids
    Charith (Cerbos)
    +1
    15 replies
  • a

    Alberto Cunha

    1 week ago
    Hello! I'm trying to use a JWT token on Cerbos with auxData. I'm using Strapi as the backend and I'm actually wondering if this is really necessary, as the true access control will happen on the backend. The front end will only block rendering of some components.
    Dennis (Cerbos)
    +1
    9 replies
  • p

    Petra Barus

    2 weeks ago
    Hey team, I am evaluating Cerbos. For a production environment, do you recommend using S3 or RDS Postgres?
    Emre (Cerbos)
    +1
    6 replies
  • p

    Petra Barus

    1 week ago
    Hi all, need help on a content-digital commerce use case. So in this case a User can only view a video after she purchased it. Let's say there is a user user-1 that purchased order order-1 that contains 2 videos, video-1 and video-2. When user-1 wants to view a video video-1, the system will do a check. How to best achieve this? Should the system create a new principal policy on every successful purchase?
    Charith (Cerbos)
    9 replies
  • Charith (Cerbos)

    Charith (Cerbos)

    6 days ago
    It should be under the policies directory
    Charith (Cerbos)
    1 replies
  • d

    david

    5 days ago
    Hello everyone 👋 . Is it reasonable to use resource scopes as DDD-like “bounded contexts”? i.e. each microservice has its own scope so that resources with the same name (but different meaning) can exist within each?
    Charith (Cerbos)
    6 replies
  • n

    Nabil

    2 weeks ago
    Hello all! I am trying to wrap my head around a scenario with Cerbos and would love some help! Everything I've seen with the docs and the API of Cerbos treats authorization requests as a principal trying to act on specific/known resource(s) (the resource IDs must be known and sent to Cerbos when checking). My application has scenarios that don't nicely fit with that and I am wondering what I am missing. For example:
      • There is a page in the app that displays all resource_x's for a user to browse and manage. Only a principal with the role_x may view it. How might I write a Cerbos policy that implements this authz check? Am I required to fetch a list of all resource_x IDs to send along to Cerbos? What if there are thousands of the resource? That seems like unnecessary overhead.
      • I am finding the majority of the authorization checks our app is needing to make are not for a principal accessing a specific resource (by its ID), but for a principal looking to access some collection of a resource (some hundreds or thousands of some resource type)
    Any help or ideas would be greatly appreciated! Thank you 🙂
    Alex Olivier (Cerbos)
    18 replies