Hi Is there any way I can check for both a derived role and

Question

Hi Is there any way I can check for both a derived role and an expression in a policy or if not at least to check that two derived roles are met simultaneously Thanks

Alex Olivier (Cerbos) · Answer

Hey

Alex Olivier (Cerbos) · Answer

Yup this works by defining the expressions on the rule which also checks for a derived role Take a look at the `view approver` action in this example <https play cerbos dev p XhkOi82fFKk3YW60e2c806Yvm0trKEje>

Alex Tuca · Answer

Thanks that works Is there any option for the policy needing to meet at least two derived roles

Charith (Cerbos) · Answer

If I understand you correctly it s not possible to specify that the principal must have `derived role a AND derived role b` If you want to ensure that both conditions from those derived roles have been met you d need to define a third derived role that encompasses both conditions and write your policy rule targeting only that new derived role

Alex Tuca · Answer

I understand thank you