# community
v
Hello, one of your needs is to have a UI where you can select a role (or a named group of permissions/permissions template) to see all the permissions that are associated with it. (And eventually edit it but not confirmed yet). The closest I could find is /api/plan/resources but I'm not sure it works in this case. Is there a way to do that with Cerbos or do I have to maintain this information in a separate DB? If that's the case, I guess I'm finding myself in a position where I need to bidirectionally sync my DB and Cerbos every time there is a change? (Hence adding coupling)
a
Due to the way that the effective permissions are computed - through things like derived roles etc - it is tricky (but not impossible) to produce a list of permissions for a role as the result will be:
• allow
• deny
• only under some set of conditions

If you take for example rules which match based on time of day, you will get back a different set of permissions depending on when the request is made. Generally we see just the roles being exposed in a UI to end users, and the nitty gritty Role<>Permissions logic kept just in the policies. That said, with the Admin API you can fetch the policies currently being served from a Cerbos PDP and then derive this yourself into a UI.
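The derivation described in the reply above, as an added example that is not part of the thread and is not Cerbos code: it walks policy documents (assumed already fetched through the Admin API and decoded to JSON) and lists, for one role, which actions are allowed, denied, or granted only under a condition, including grants that arrive through derived roles. The function name `permissions_for_role` is hypothetical, the sample policies are constructed, and principal policies and scopes are ignored.

```python
# Constructed sample: two policies in Cerbos' JSON policy shape, standing in
# for documents already fetched from the PDP through the Admin API.
POLICIES = [
    {"derivedRoles": {"name": "common", "definitions": [
        {"name": "owner", "parentRoles": ["user"],
         "condition": {"match": {"expr": "R.attr.owner == P.id"}}}]}},
    {"resourcePolicy": {
        "resource": "album", "version": "default",
        "importDerivedRoles": ["common"],
        "rules": [
            {"actions": ["view"], "effect": "EFFECT_ALLOW", "roles": ["user"]},
            {"actions": ["edit", "delete"], "effect": "EFFECT_ALLOW",
             "derivedRoles": ["owner"]},
            {"actions": ["delete"], "effect": "EFFECT_DENY", "roles": ["user"],
             "condition": {"match": {"expr": "R.attr.locked == true"}}},
            {"actions": ["*"], "effect": "EFFECT_ALLOW", "roles": ["admin"]},
        ]}},
]


def permissions_for_role(policies, role):
    """Return sorted (resource, action, outcome) rows for one role.

    Conditions are reported, not evaluated, and overlapping rules are listed
    side by side rather than resolved.
    """
    # Index derived-role sets by name: {set name: {derived role: definition}}
    sets = {p["derivedRoles"]["name"]:
            {d["name"]: d for d in p["derivedRoles"]["definitions"]}
            for p in policies if "derivedRoles" in p}
    rows = set()
    for rp in (p["resourcePolicy"] for p in policies if "resourcePolicy" in p):
        imported = {}
        for name in rp.get("importDerivedRoles", []):
            imported.update(sets.get(name, {}))
        for rule in rp.get("rules", []):
            conditional = "condition" in rule
            if not {role, "*"} & set(rule.get("roles", [])):
                # Not matched directly: check derived roles built on this role.
                via = [imported[n] for n in rule.get("derivedRoles", [])
                       if n in imported
                       and {role, "*"} & set(imported[n]["parentRoles"])]
                if not via:
                    continue
                conditional = conditional or all("condition" in d for d in via)
            effect = "allow" if rule["effect"] == "EFFECT_ALLOW" else "deny"
            outcome = f"conditional {effect}" if conditional else effect
            rows.update((rp["resource"], a, outcome) for a in rule["actions"])
    return sorted(rows)
```

Because the rows come straight from the served policies, a UI built on them needs no second permissions store to keep in sync.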