Hi! Is there any way I can check for both a derive...
# help
Hi! Is there any way I can check for both a derived role and an expression in a policy (or if not, at least to check that two derived roles are met simultaneously)? Thanks!
Yup this works by defining the expressions on the rule which also checks for a derived role. Take a look at the
action in this example: https://play.cerbos.dev/p/XhkOi82fFKk3YW60e2c806Yvm0trKEje
Thanks, that works! Is there any option for the policy needing to meet at least two derived roles?
If I understand you correctly, it's not possible to specify that the principal must have
derived_role_a AND derived_role_b
. If you want to ensure that both conditions from those derived roles have been met, you'd need to define a third derived role that encompasses both conditions and write your policy rule targeting only that new derived role.
I understand, thank you!