# help
h
Hi, I'm currently working on some permissions on Cerbos Playground but the test results don't match the conditions I set for each role in my resource and I don't understand why. Thanks
c
Do you have the link to the playground?
There doesn't seem to be any tests in that playground instance
h
Yes, you're right. I forgot to save it. But I set some principals and a resource on the right side and it says denied.
c
Can you give me an example of a principal, resource and action that you used and got an unexpected result for?
h
principals:
```json
{
  "id": "member123",
  "roles": [
    "MEMBER"
  ],
  "attr": {
    "user": {
      "employeeId": "test"
    }
  }
}

{
  "id": "owner123",
  "roles": [
    "OWNER"
  ],
  "attr": {}
}
```
and resource
```json
{
  "id": "manage_content_id",
  "kind": "content",
  "attr": {
    "author": {
      "userId": "owner123",
      "employeeId": "test",
      "user": {
        "organisation": {
          "employees": [
            "member123"
          ],
          "owners": [
            "owner123"
          ],
          "managers": [
            "manager123"
          ]
        }
      }
    }
  }
}
```
c
I don't see any problem. I am guessing that the cause of your confusion is you're mixing up roles and derived roles. Derived roles are something that Cerbos decides based on the request data. All your derived roles are based on the `parentRole` of `user`. However, in your request, instead of saying that the principal's role is `user`, you're sending the name of the derived role.
Try with a principal like the following and you'll start seeing your expected results.
```json
{
  "id": "member123",
  "roles": [
    "user"
  ],
  "attr": {
    "user": {
      "employeeId": "test"
    }
  }
}
```
We have an explanation of the difference between roles and derived roles at the bottom of the page here: https://docs.cerbos.dev/cerbos/latest/policies/derived_roles.html
h
Oh yes, I see. I did miss that part. Anyway it works now, thank you!